Slashdot Mirror
RIAA's 'Expert' Witness Testimony Now Online
NewYorkCountryLawyer writes "The online community now has an opportunity to see the fruits of its labor. Back in December, the Slashdot ('What Questions Would You Ask an RIAA Expert?') and Groklaw ('Another Lawyer Would Like to Pick Your Brain, Please') communities were asked for their input on possible questions to pose to the RIAA's 'expert'. Dr. Doug Jacobson of Iowa State University, was scheduled to be deposed in February in UMG v. Lindor, for the first time in any RIAA case. Ms. Lindor's lawyers were flooded with about 1400 responses. The deposition of Dr. Jacobson went forward on February 23, 2007, and the transcript is now available online (pdf) (ascii). Ray Beckerman, one of Ms. Lindor's attorneys, had this comment: 'We are deeply grateful to the community for reviewing our request, for giving us thoughts and ideas, and for reviewing other readers' responses. Now I ask the tech community to review this all-important transcript, and bear witness to the shoddy investigation and junk science upon which the RIAA has based its litigation war against the people. The computer scientists among you will be astounded that the RIAA has been permitted to burden our court system with cases based upon such arrant and careless nonsense.'"
Oh man, even Chappelle is going over to The Dark Side. That is *not* funny, Dave.
[/humour][17] Leary, T., White, C., Wood, P. R., Bhabha, W. D., and Wirth, N. Lambda calculus considered harmful. In Proceedings
I saw something in the transcript that I wanted to point out before anyone else here criticizes Jacobson on it:
Q. By what body are you certified as an engineer?
A. By no professional society.
Q. No professional society? Is there any organization that has certified you as an engineer?
A. No.
Q. Are you part of any peer regulatory body?
A. I don't quite understand what you mean by --
Q. Are you part of any body the members of which are peer-regulated?
A. Can you give me an example of what you are --
Q. A lawyer, an architect, an accountant. I thought an engineer had to be certified by a peer-regulated body.
A. To be called a professional engineer they do.
Q. So are you not a professional engineer?
A. I do not have a PE license.
Based on his Jacobson's research page. It looks like Jacob's, a professor "on the faculty of Electrical and Computer Engineering", is a computer engineer. Given that, the above statement is totally understandable As a computer engineer myself, I can say that it is *EXTREMELY* rare for a computer engineer to be a licensed PE. (Not a single computer engineering professor in my University is). PE's are common in engineering professions where somebody needs to sign off on the final product - civil engineering especially, and mechanical engineering to a lesser extent.
To make laws that man cannot, and will not obey, serves to bring all law into contempt.
--E.C. Stanton
Respect to you Ray.
I've seen you take a lot of flack for your efforts to keep us all abreast of the proceedings, of issues that should concern us all.
And it's nice to see that the community could have been of help.
All the best.
"There is nothing nice about Steve Jobs and nothing evil about Bill Gates." - Chuck Peddle
"Q. Are you part of any peer regulatory body?
A. I don't quite understand what you mean by --"
A professor is part of a "peer-regulated" body. He may not be able to call himself an engineer, but that doesn't mean he's not an expert.
As a Software Engineer who does not have a PE, I'm curious as to what areas of software require a PE?
/. to avoid these off-topic subthreads.
About the only ones I can think of are in control systems, particularly where a failure could cause loss of life or serious injury. The computers that control an automobile engine and brakes come to mind. "Secondary" systems which provide life-saving information, such computers in aircraft-control towers, might also require a PE's blessing, but this seems like a stretch.
Are there any software engineers out there who have to have a PE for their current or past SW Engineering job? What job required the PE?
Memo to Cowboyneal: Add a messaging system to
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Does someone want to summarize that deposition before I die of lawyer-speak overdose?
Maybe someone kan point out the juicy tid-bits. I'm up to page 20, and I'm falling asleep.
If you want news from today, you have to come back tomorrow.
This guy comes to the conclusion that it was the defendant's computer, even though there is no evidence from hard drive forensics, and he says there is no wireless router since the IP was registered to the house.
Also, he kept no records of the forensic analysis, and he is always trying to pin the idea that an IP address is a computer, even though it's obvious he's avoiding or twisting questions, even to someone who isn't so technically inclined.
Why is it that Mr. Gabriel is constantly making an objection to form when the judge just keeps denying him with a lack of foundation? Is it a case of throwing enough shit that some will stick?
'Yes, firefox is indeed greater than women. Can women block pops up for you? No. Can Firefox show you naked women? Yes.'
Not to mention that he maintains he can trace the IP address back to a specific ISP account and computer (emphasis mine). Unless he's a Peeping Tom with a web-cam in the defendant's house, the RIAA should be demanding their money back from him.
Oh, and then there's the place where he maintains that at the time the computer was imaged many months afterwards, that there was no wireless router in use at that time Media Sentry "discovered" this "infringer". Is there a log that keeps records of every IP address you've ever connected with?
And I have to laugh at how he refers to "registered" computers. I thought he was talking about gun registration, or some such thing. I've never heard of my own computer being "registered" to anything. Is this another invented RIAA term, like "Media Distribution System"? Has anyone else ever referred to KaZaA, or any other P2P program, as an MDS? Ray, you can't be letting the RIAA frame the terms of the debate to ignorant Judges.
And don't miss the parts where he says he didn't actually document any of his findings because there was nothing to find, however, you should go through your own copy of the disc to verify my Registry findings that no wireless router was in place. He's supposed to be the expert, and he wants the defense to replicate his findings in the Registry??? Are there any registry experts here? Probably a few, but not many. But he assures us it's there.
Biggest thing is that he says that no KaZaA was present, nor any infringing music files. The only way the RIAA can respond is you sent us the wrong hard drive. No question that the person in question might have actually been innocent. RIAA -- You Bastards!
Glad to know that we helped, Ray! Keep fighting the good fight!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Don't agree with you at all. After being beaten to death with the word "exculpate" in the Duke Rape Case coverage, as well as enough television lawyer shows, "inculpate" should hardly be unfamiliar to anyone with even a passing interest in the law -- and concept of how words are formed in the English language. There were, IMHO, other more amusing lawyer language in the deposition than this one word.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
programming desperately needs the kind of accountability and professionalism that 'real' engineering has.
So would a PE software engineer lose his license if he made software with numerous bugs? Can software engineers really be held to the same level of accountability as structural engineers? I thought it was near on impossible to write error free software these days. What criteria would you use for standards?
We are all just people.
The RIAA lobbyists have been a busy lot. On Friday, they got the Copyright Review Board to grant them a fee based system that will essentially shut down the majority of small Internet Radio stations. Way to go boys. Bring on that corporate commercial media. http://www.radioparadise.com/ http://www.save-internet-radio.com/2007/03/02/save -internet-radio/
If you have a wireless router, anyone could be sharing files on your network. Even with encryption and MAC filtering, a determined outsider could use your network (they probably would just use one of the "Linksys" SSIDs in the neighborhood instead). The term "war driving" was never brought up, stealing wireless access happens enough to have its own term. Most routers come out of the box without encryption (I don't recall one that does). Non-technical people are just happy their "Internet Explorer works" and don't really think about the configuration.
What I don't get are the hard drive forensics. You would have to have someone very competent to remove a program from Windows and not leave traces. Anyone running Windows knows that program removal tends to leave little bits and pieces behind. Like user settings and registry entries. It shouldn't, but they do anyway. Both McAfee and Norton have removal tools because they don't uninstall properly. Not to mention erasure doesn't actually wipe out data on the drive. The fact that the expert witness states that none of the methods he is using are peer reviewed is a concern.
From pages 65 and 66:
... unless you want to eliminate the best "but it wasn't me, honest" excuse the world has to offer.
10 A. This tells me that there was -- yes.
11 There was no router.
12 Q. How does it tell you that there was
13 no router?
14 A. Through the two --
15 If you look at the second chunk down,
16 you will see the source address at the top and you
17 will see the KaZaA IP address midway through that,
18 and they match and they are both public IP
19 addresses.
20 Q. You said they match?
21 A. Uh-huh. The 141.155.57.198.
22 Q. That's the source?
23 A. And then down below you see the KaZaA
24 IP?
25 Q. Yes.
2 A. It's those two IP addresses.
3 Q. What does the first number indicate?
4 A. The first number of the IP address?
5 Q. Yes.
6 No. The second line of that chunk
7 that says "source." What does that indicate?
8 A. That is the source address. That is
9 where the packet came from.
10 Q. Now we go down to the next line you
11 referred to, it says "KaZaA IP." What does that
12 refer to?
13 A. That is the IP address that the KaZaA
14 software is running on, the IP address of the
15 computer that the KaZaA software is running on.
Some routers share their IP public addresses with a DMZ computer.
If the defendant's wireless router did that and a attacker across the street took over her router and made his laptop into a DMZ it would lead to this scenario. Kids, always secure your routers
I knew Doug Jacobson when I was an engineering student at ISU. He seemed like a decent and knowledgeable guy, very interested in computer security.
I'm very sorry to see he's come to this.
Kythe
Yes, to you it may seem odd. However, as a juror I would most certainly be questioning this persons educational background. This guy has a Ph.D., and teaches at a well recognized university - he uses his profession and education to qualify himself as an expert. Showing he lacks in a general area of study moves to discredit him as an expert witness.
It's nothing groundbreaking, and doesn't prove anything about him as a CS expert, but in general it makes him look bad. And if the lawyer were really lucky, he would have gotten angry and let it show. Nothing discredits an expert witness like getting them mad.
In general, people try to distance themselves from someone who is aggressive, and having an outburst on a witness stand certainly makes you look aggressive.
From what I read, it certainly looks like the attorney did a very good job, despite the onslaught of objections from opposing council.
I'm currently studying for the spring Fundamentals of Engineering exam (FE). After taking this exam and working in the field of engineering for 5 years, you can take the Professional Engineering (PE) exam. Its not the easiest test in the world, and its a big pain in the arse. That said, I think a computer science student would have a particularly hard time with it. The morning session (general) is composed of several subjects including chemistry, strengths of materials, physics, thermodynamics, fluid mechanics, a small ethics session, etc. Basically all engineering knowledge known up to 1935, updated to the modern day. Everyone has to take the general session, and I think Comp sci students would struggle with it.
The afternoon session is a choice between mechanical, electrical, civil, (chemical?) engineering. I think maybe comp sci students could take the electrical and do fairly well on this half. The PE exams are very similar (identical?) to the FE exams, but it has been 5 years since you have been in a classroom so they are considered harder just for this reason.
As for the term "Computer Engineer"; in the 1800s a group of very smart men began doing different things with Natural Philosophy. They were so different that they thought they needed a new title for what they did to separate themselves from the natural philosophers. Eventually they went with the title "scientists". Perhaps a new title is needed for "computer engineers" because it doesn't seem to fit very well.
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
Dear Mr. Beckerman, It seems that you misunderstood one point about IP addresses and NATs, which led to a lot of time wasted in the deposition. In a situation where the user's computer hides behind a NAT, it will still have an IP address on the local network (the one on which the user's computer and the NAT reside). The NAT will have two IP addresses (one on the local network and one on the global internet). In this setup, the IP address space on the local network is completely independent of the IP address space on the global one. The witness explained that the KaZaa software will determine the address of the computer it's running on and includes it in the data it transmits to the outside world, which data is available to other computers connected to the FastTrack network. The way the data gets to the outside world is by being bundled into TCP/IP packets, which carry on them addressing information for routing. It is this addressing information that gets rewritten by the NAT to implement IP masquerating. Now if the home computer is directly connected to the internet (say via dial-up or DSL) then it acts as its own router, and both the addressing (TCP/IP) information on the packet and the (application-generated) content of the packet will agree on the IP address. If the computer is hiding behind the NAT then the routing information on packets will show the IP address of the NAT (the one that was assigned by the ISP) while the KaZaa data in the packet will include the IP address of the software-running computer on the local network (typically in the address space 192.168.x.x which is reserved for such networks). By comparing these two pieces of information he was able to detect which scenario happened in this particular case. Note that I have no personal knowledge about the FastTrack protocol, so I can't say whether this is the way things actually work, but this is what the witness said and it sounds reasonable to me. (that would be the local, private, IP address in this scenario).
In Oregon you have to have a PE to have the word 'Engineer' in your title, or to call yourself one.
The Kruger Dunning explains most post on
He's submitted sworn reports... around 200 of them. But no defendant's lawyer has ever brought him to a deposition before this.
Ray Beckerman +5 Insightful
In the same vein,
I think you misunderstand what a MAC address is. A MAC address is a physical address used by the wired ethernet (and wireless ethernet) protocols to allow several network cards to communicate on a single physical network. If you are on a computer outside this physical network then you have no way of determining the MAC addresses of any computers inside it (IP packet headers don't record MAC addresse, only IP addresses) -- except if the data payload of the packet included the information -- say if you sent your own MAC address in an e-mail. It is possible, however, that Windows records the MAC address of the network cards in the hardware profile in the registry. This could give an indication (but not a proof) that the hard-drive came from the computer it is claimed to have come from.
Regarding the "internal IP address range". As you can see in this wikipedia table, the address range 192.168.x.x (and a few others) are reserved for "private networks". Computers on the internet-at-large are assigned addresses in other ranges. In particular, if you connect to wireless access point, you will typically be assigned an address in a "private network" for the purposes of the internal network. Thus, if the KaZaa software is claiming to the outside world that it is running on a computer with an address in that range, then probably the computer is hiding behind a NAT -- while if it is claiming to be running on a computer with an IP address outside this range then this computer is probably directly connected to the internet.
PS: apologies about the lack of spacing in the parent post -- should have previewed before submitting.
Not all development is engineering work. Nor should it be.
I have dome Engineering work as a developer, and love the enviroment. However I have also done non engineering work.
I wouldn't want someone who is ont following engineering guidlines to be building in mission critical thing where lives are at stake. OTOH, someone doesn't need to be an engineer to write reports, or web scripts.
I liken it to Civil engineering.
To plan and lay pipe in the ground for public use, you need a civil engineerwho specializes in water.
To put in a private sprinkler system, you just need some guys with pipe and a shovel.
The Kruger Dunning explains most post on
Here is my favourite bit (edited from different sections and removing Gabriel's bloody objections to form)
f uckingwhitespaceseriouslyTacowhatareyouguysdoingit sonlyalargeblockquoteImeancomeontheresnotreallyall thatmuchwhitepsaceandyousortofneeditoryougetsenten cesthatlooklikethisyoubloodymorons
Q. Based upon your examination of the hard drive which you examined in this case, what evidence did you find that supported or would support a conclusion that Marie Lindor had personally uploaded any files?
A. The hard drive that I examined showed no evidence of any peer-to-peer software or MP3 music files.
Q. So when you say it was defendant's computer, you don't actually have any knowledge as to whether it was defendant's computer. All you know is that the defendant's name is associated with the internet access account; is that correct?
A. I know that the - yeah, the computer associated with that user account, an IP address was used.
Q. But you don't know whose computer it actually was, do you?
A. No.
Game Over. Even if all you need in a civil case is preponderance of evidence and not absolute proof. They can't find evidence of p2p file sharing on her computer and they can't actually even say that her computer was associated with the IP address. He also doesn't verify anything given to him by MediaSentry (IP address and files downloaded with times) and Verizon (Account information matching IP at times specified by MediaSentry on Verizon's clock), whether there were any security vulnerabilities on the PC (though a drone for p2p seems a bit out there). He teaches a class that covers spoofing IP address and MAC addresses, but at one point refers to IPv6 and then goes on to talk about reserved ranges like 192.168... . He doesn't care to record any of his findings with EnCase because he found no mp3s or p2p software, and that was all Gabriel asked him to look for. He also works and owns stock in company that sells software to combat p2p. Also Ray that was absolutely beautiful. Wow. I usually try to RTFA fully but damn did that take some work. Totally worth it.
stupidmoroniclamenessfilteranditscomplainingabout
Reality must take precedence over public relations, for nature cannot be fooled.
After reading that all I can see if the guy evading the question, flat out denying truths, agreeing with them in limited fashions, constantly playing dumb. His investigation methods are borderline incompetent, after reading that huge PDF I could only say he should not be allowed to be a whitness in any case I mean I'm a third year computer engineering student most of my course emphasis has been on networking and hardware rather than this sort of thing but I can see huge holes in his logic.
1.Doesn't verify his sources Beckermans point about "are mediasomethigns and verizons clock synchronised" is a good one espeacially when you consider his point about the nature of IP address's, at the very least he should have requested the lease time of that IP (so when did the subscriber start using the IP and for how long) to verify that the information had a chance of being correct.
2.No set method, the lack of reports and the fact he never made print outs suggests he doesn't have a set method of investigating, which personnally would make me question his investigation techniques this results in a whole list of problems:
2a.means no evidence supporting the defendent was kept, in effect his not impartial and also hurts the defense 2b.suggests he makes it up as he goes along, a "what seems a good idea at the time", as you can clearly see he's missed out on some issues which are important, like confirming the MAC address of the machine and its method of connecting to the internet.
3.Deliberate attempts to twist what hes saying or not sticking to the question an example would be towards the end where he starts talking about IPV4 and finishs with IPV6. I don't know how either works exactly but he should have talked about both seperatly, the use of both at once means he could be dilibertly hiding stuff, when was IPV6 rolled out anyways? Anouther example would be his linking IP address's directly to a PC, no matter how many times Beckerman tried to get him to admit that when accessed through a router the IP address given to the outside world is the routers not the individual PC's. 4.Lack of actual investigation, now I'm not sure what he was exactly hired to do but by the looks of it RIAA hired him to prove and be a whitness to say that a person used Kaza to download and share music. Hes not done that, hes investigated the drive he was sent found no traces of Kaza on it, or any MP3's (I think he indirectly said this) rather than investigate possible explanations for this, for example did the person own two pc's, did they connect to the internet through a router, could this router have been compromised (perhaps unsecured), perhaps then look for security vulnerabilities to see if it was a zombie machine, or for other security problems. Then if he couldn't prove any of that attempt to verify that mediashares information was correct, check it and check verizons and then attempt to co-oberate that information somehow, for example attempt to obtain the MAC address from the hard drive and from mediashares packet information in otherwords to link them up. Otherwise all he can actually claim is that "The pc in question when inspected did not have the Kazaa program on it at any time, nor does it appeared to have or have had the media files that mediasomething accuse the computer of having" His conclusions from his investigation lack any form of imparitality and it appears that he was unwilling to give any real unbiased opinion.
personnaly after reading that disposition I would seriously call into credibility as a expert or even as a whitness. I'm sure better people than I could take apart his disposition its 3am here I'm tired but those are the things that come to my mind at least
Why are you trying to take this off topic?
Ray Beckerman +5 Insightful
From p. 88:
Q. But you don't know whose computer it actually was, do you?
A. No.
Q. But your report said it was defendant's computer, so I think you will agree that that's an imprecision in your report.
A few unhelpful observations.
This is my first real-life encounter with a deposition, and I've gotta say it's quite fascinating. I like how the opposing lawyer relentlessly objects to nearly every single question. And how Mr. Beckerman's first goal seems to be to show that the "expert" has a financial interest in what he's been claiming, coupled with that expert's bizarre claims that he doesn't have the foggiest idea about the commercial reality surrounding his work. For example:
I'm not sure how you can have "no idea" whether the RIAA is pleased, furious, or otherwise about the fact that your company is creating anti-P2P products, while being simultaneously "sure" that your company is referring to the RIAA in its press releases to help sell its products.
This is funny, too:
I should buy some cement.
IANAL, but I understand that there are standards for admissibility of scientific evidence, and the questions quoted below (and several that follow) cover them. The most recent ruling is called "Daubert."
Whatever this witness has to say based on his methods is useless because the methods have not been generally accepted and/or there are no peer reviews or tests of the methods' accuracy/reliability and no known level of accuracy/reliability.
Q. Has your method of determining from
the MediaSentry materials whether a particular
computer has been used for uploading or downloading
copyrighted works been tested by any testing body?
A. Not that I have submitted.
Q. Do you know anyone else that is using
your method, other than you?
A. Not that I'm aware of.
Q. Has your method of determining
through the MediaSentry materials whether a
particular computer has been used for uploading or
downloading copyrighted works been subjected to any
form of peer review?
A. Not that I'm aware of.
Q. Has your method of determining from
the MediaSentry materials whether a computer has
been used for uploading or downloading copyrighted
works been published?
A. No.
Q. Is there a known rate of error for
your method?
A. No.
Q. Is there a potential rate of error?
MR. GABRIEL: Object to the form.
A. I guess there is always a potential
of an error.
Q. Do you know of a rate of error?
A. To my process, no.
Q. Are there any standards and controls
over what you have done?
A. No.
Q. Have your methods been generally
accepted in the scientific community?
A. The process has not been vetted
through the scientific community.
About tracing an ip back to a particular computer. The IP in itself obviously can't do that, but I'm fairly certain that part of the IP protocol includes the MAC adress of the requestee. So maybe he was being unclear when he used the term "IP address," and he really meant to say logged data. I'm not in anyway on this guys side, and of course in any regard there is no excuse for being unclear in such a fashion in a court case, but I'm curious from a technical side.
So if someone knows the answer, be great if you let me know (what else is slashdot for, anyway).
Cheers.
Relax I just want some peanuts.
OverlyCriticalGuy
You noted your post explicitly OT, so I don't think you're trying to usurp the main thread.
Ray Beckerman - who's postings and efforts I enjoy and admire tremendously - appears to be a little pissed at your post for going OT, but I'm going to take up your question anyway, mainly because I've spent some time talking to musicians, and one musician in particular, about your question.
Off-Topic
My conversational straw poll indicates that the CRIA (the Canadian equivalent of the RIAA) has been successful in getting musicians to believe they need to be partners with CRIA in a fight against music piracy. I think it's an easy place to take musicians to - it's a hot button topic, and nobody wants to feel they're getting ripped of in life.
But a musician's goal in life shouldn't be to minimise piracy, but rather, from a business perspective anyway, to maximise sales of their music. I don't think that the existence of some amount of piracy is causally linked to less sales; rather, piracy *may* be a component of a new distribution model which can help the artist sell *more* material.
So *if* some of an artist's material is pirated, but overall more people are listening to their music and more people are buying their music, do they really give a shit about the piracy that *may* be occurring?
Framed in those terms, musicians I talk to (and I know this is representative of no more than just those musicians) become a lot less uptight. And for those that still feel they're getting ripped off somehow, the Copying Levy in Canada would seem to take even that away (if the dollars collected under the Copying Levy actually got distributed to artists, 'cause I've never met anyone who's seen a penny of it, which is just another instance of the industry ripping them off, but that's another conversation).
So quit worrying about piracy that may or may not be happening, and embrace that new distribution model and sell more stuff.
I'm not an artist making my living off CD and digital copy sales, so I suppose its easy for me to say, but indie artists I know make their sales at live gigs, and I don't think that that is going to change, or that piracy has shinola to do with that. The opportunity to sell digital copies on-line to a much broader audience is an additive element - gravy on existing sales.
This has nothing to do with the sleazy civil suit stuff exposed in the deposition from Ray Beckerman's blog, which is a pretty incredible read. Interestingly, in Canada, the Copying Levy is the basis for the presence of digital music in a shared folder *not* being a problem, as I understand it. Michael Geist's blog is loaded with informative material on this matter from a Canadian perspective. For example, here's a summary of *CRIA* survey material that suggests that those who download the most music via P2P also purchase the most CD's:
n t/task,view/id,1168/Itemid,85/nsub,/
http://michaelgeist.ca/component/option,com_conte
All of which suggests that the sort of RIAA thuggery shown in the article's linked deposition shoots the industry in its own feet, and then shoves said feet into their big mouths.
[17] Leary, T., White, C., Wood, P. R., Bhabha, W. D., and Wirth, N. Lambda calculus considered harmful. In Proceedings
Both 9x and NT-based variants keep information about DHCP address assignments in the registry, so that they can attempt to request their previous IP address after a startup. Specifically, in NT-based systems, you can look under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servi ces\Tcpip\Parameters\Interfaces" to see a list of interfaces that Windows has available, and under each one of those, there exists a REG_SZ value, aptly named "DhcpIPAddress", which includes, in plain ASCII text in dotted-quad notation the last DHCP address handed to the box by the DHCP server at the IP specified by the "DhcpServer" REG_SZ value. Older entries could potentially exist under the "ControlSet001" and "ControlSet002" keys, both of which are backups.
While this method is by no means bulletproof, it could potentially disclose the last IP address the computer obtained from a particular DHCP server and that would not only be useful, but perhaps even relevant information.
So, one thing no one has commented on, and I wonder if its true or not. Does Kazaa really put your computer's IP address in its packet payload for other nodes on the network to see? If so, why? If not why hasn't anyone pointed this out as the greatest problem with their case?
Obviously the "expert" witness is completely useless at explaining technology to lay people (sorry attorneys, you're lay people in this context). At least 1 hour was wasted with the expert trying to explain the difference between an internal IP address and an external publicly routable address. Of course, the best way to explain it would be to draw it... but anyway, I searched a bit, couldn't find anything about kazaa but if anyone can enlighten us, that would be great.
I thought the MAC address didn't survive the first trip through a router.
Your hair look like poop, Bob! - Wanker.
Objection to form. Lack of foundation.
Wanted: witty unique signature. Must be willing to relocate.
This entire case hinges on screenshots, mystery analysis software "encase", a questionable expert, and an IP address obtained from an ISP. The evidence in this case doesn't even make it to the standard of "hearsay" not to mention the fact that the plaintiff lawyer appears to be highly inexperienced with Turets syndrome and keeps blurting "Objection to form."
I suspect that if one were to dig deeper into the so-called evidence, one would learn that information obtained from Verizon is prone to error, and that the procedures for generating the screenshots from KaZaa are based on assumptions which are prone to error and probably performed by monkeys. I want to read the deposition from the "dude/monkey" who took the screenshots, please post that one next.
If I were the lawyer for the defendant, I would already be filing my motion for dismissal "with prejudice" with the award of reasonable lawyer fees for having brought a case without any evidence.
Are there any standards for evidence? Is a printout obtained via supoena really a standard for evidence? If so, I can prove anything you like and as a bonus, I even have a professional certification.
Snoring voraciously... You mean it took all this for people to realize the RIAA lawsuits are Total Bullshit, Draconian in nature, and if perpetrated by anyone else, would have been stopped a long time ago.
A few years from now, any artist worth anything will stay away from RIAA and DRM.
Swallow that parasites...
"It is the mark of an educated mind to be able to entertain a thought without accepting it."
There seems to be a common misconception, that I noted in the testimony, that you have to use one of the reserved IP address ranges on the LAN side of a NATed router. In fact, you can use any address at all (I do). The only downside to this practice is if you eventually have to move the NATed host(s) to the WAN side, they need to be re-addressed - and of course, that only applies to hosts with statically assigned IPs.
In other words, by looking at the IP address contained in the payload, there's no way to tell that it was behind a NAT router or not simply because the IP address was not in a reserved range.
Secondarily, since the computer interface IP address is in the packet payload, that is data that is being sent by an application. The application (whatever it was that was communicating with the P2P network) may:
- lie. It could be a hacked version of a P2P standard application,
- allow user configuration of the IP address in the payload (if I remember correctly, some seem to),
- be broken. I assume all versions of all applications that communicate on the indicated P2P network were not vetted for their proper functioning.
Can You Say Linux? I Knew That You Could.
I've seen Kazaa mess up our DSL connection quite a few times. Now, did we use Kazaa? Nope. (we prefered WinMX and irc, but thats beside the point :-D).
When a user gets on Kazaa, the Kazaa network perpetuates that External IP address through their network. Your external_IP is linked to your kazaa_username. Now, when people search and get your kazaa_username, they hit that IP address. All is fine and good... until you are knocked off of DSL or your dhcp timer is up.
Then, you reconnect using a new external_IP. Now, you have many users on Kazaa that know your username goes to either your old IP or your new IP.
The network trashing occurs to the person who inhabits your OLD external_IP. You see a LOT of bandwidth from users and Kazaa network towards your new IP address. We had a 768/384 Kb connection, and 200 Kb was ate up with garbage from Kazaa from the previous IP inhabitor. This number of garbage connections approaches 0Kb, but never meets it.
Perhaps they detected a residual connection like that.
I stopped stealing music when I found out you could just copy it!
Software patents delenda est.
23 MR. BECKERMAN: Let's take a short
24 break.
25 (Recess taken.)
146 pages for a break.. Glad I didn't know you in school..
What always amazes me in these cases is the "evidence" in the case is often logs and screenshots which are legal equivalent to eyewitness testimony. It contains no actual proof as they are quite easily faked, but they tend to be represented as absolute proof to general computer fearing people because they are computer generated and "computers cant be wrong". I always wanted to demonstrate the silliness of such "proof" by a small act of civil disobedience - write a simple program that given some basic parameters generates a ton of "evidence" or anything on any date complete with logs and screenshots.
I mean there is nothing wrong with eyewitness testimony as long as it is represented as such. What bugs me is that the "eyewitness" in this case is directly paid by the plaintiff. I mean would you, as a juror believe any "eyewitness" in ANY type of case if you know the "eyewitness" is being paid thousands of dollars to testify. I mean paying expert witnesses is one thing, but eyewitnesses? That just seems wrong.
-Em
RelevantElephants: A Somatic WebComic...
I'll begin by saying I'm not trying to argue here (it's too late on a Saturday evening for that), just clarify for my own sake:
You say "The NAT will have two IP addresses" - but what precisely is "The NAT". I don't think a NATted packet will have two IP addresses in the header. The one and only IP Address in the header is rewritten by the NATing router with the public IP Address of the NATing router on the outbound journey and the reverse happens on the return journey.
The packet received from a NATing router by an IP Address on the Wide Area Network (say the "web") will contain some information, in the header I believe, about which host inside the Local Area Network originated the packet, but not enough to actually identify the IP Address. This information is returned and used by the NATing router via an Address Translation Table to be able to forward the returned packet on to the originating host.
It should be possible therefore by analysing packets from a computer, to determine if it is or is not providing NAT for a Local Area Network, shouldn't it?
If this is possible, it doesn't seem to have been done in this case, as the reliance seems to be on recording the IP Address only, which isn't necessarily the "end of the line".
Once I was a four stone apology. Now I am two separate gorillas.
A scientist, an engineer and a programmer are on a road trip. Their car goes out of control on a steep hill and they barely make it to the bottom alive.
The scientist tries to calculate the distance to the nearest repair shop, the engineer suggests checking the wiring and brake pads, and the programmer suggests driving to the top and seeing if it happens again.
My point? Programmers and engineers are different. The best way to solve their problems is different. I trust this CTO more because he doesn't have engineering certification. In the same way a person with a music degree is less specialized as a programmer.
-- http://thegirlorthecar.com funny dating game for guys
It seems obvious to me he's a friend of the RIAA. He runs an anti-P2P company according to this link http://p2pnet.net/story/10845/ and had some kind of DRM scheme or something...
Just because you get modded "insightful" on Slashdot doesn't mean you actually are in real life.
Comment removed based on user account deletion
I did, and found this page. Very interesting in a scary sort of way.
Once I was a four stone apology. Now I am two separate gorillas.
Perhaps you should go back to stealing. It'll cost you less (jail) time and money if you get caught shoplifting a physical CD than if you are accused of making an unauthorized copy of it.
Schrödinger's cat is not amused—maybe.
PWNED!
Q. Based upon your examination of the hard drive which you examined, what evidence did you find that inculpated Marie Lindor personally?
A. Would you please define the second-to-last word.
Q. "Her"?
A. No, "inculpated." Would you please define that for me.
Q. Do you not know what the word "inculpated" means?
A. That's correct.
Q. Are you familiar with the word "exculpate"?
A. No.
Q. What is your educational background?
A. Computer engineering.
Q. Well, which school did you attend? Did you get a Bachelor's degree?
A. Yes.
Q. What school?
A. Iowa State University, science and technology.
Q. When did you graduate?
A. With which degree?
Q. When did you get your Bachelor's degree?
A. 1980.
Q. Do you have any other degrees?
A. I hold a Master of Science in electrical engineering.
Q. When did you get that?
A. 1982.
Q. Any other degrees?
A. A Doctor of Philosophy, Ph.D., in computer engineering.
Q. When was that?
A. 1985.
Q. And you are associate professor at Iowa State University?
A. That is correct.
Q. And you do not know what the word "exculpate" means?
A. That's correct.
Just add {In Space!} to anything.
I don't think the 'expert' really understands quite all that much about networks.
kazaa could be set to use an external IP.
even so, wouldn't the kazaa packet be NAT'd to the external IP?
didn't he forget about multi-homed IP addresses?
and router MAC masquerading?
what about DHCP timeouts?
and DHCP Lease Locks?
what about IP address Spoofing?
Their case is built upon logs from a well-poisoning company and the 'expert' Dr. Lookie-Loo.
wonder why he's never been before a judge?
you can't conveniently leave out pertinent details in a forensic investigation.
the very nature of a forensic investigation is to cover all angles and get the whole story through ALL the evidence that exists.
Dr. Lookie-Loo never performed a forensic investigation into possible security flaws and/or possible compromises of the hard drive?
That's grounds for dismissal of the case in my book.
They're using their grammar skills there.
No, he was talking about the specific objections in the deposition. I'm talking about objections in any deposition, and how they're not uncommon. So we aren't in disagreement based on those posts. Rather, we're replying to different parts of the parent post.
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
A. I do not know the inner works of MediaSentry processes and procedures. As well as this exchange: Q. Do you know what procedures Verizon employed to link Ms. Lindor's name and address to the alleged IP address?
A. No. Now, IANAL but it seems like he's kind of fallen down on the job of being an expert witness.
..I'd sleep pretty well tonight, after reading this. It's apparent that this guy is a shill for the RIAA (wonder what size kickback he's getting?) who hasn't got the ability to b*llsh*t effectively.
The RIAA is making Eugene McCarthy look like an amateur..."I have here a list of 200 P2P users..."
Nitewing '98
Everything works...in theory.
Well, I can feel for the defending lawyer, but the NAT discussion didn't quite succeed IMHO. The expert claims that the fact that the Kazaa packet had the public IP address means that the computer wasn't behind NAT. But the lawyer counters with a paper describing how Kazaa (since version 2.0) uses a technique to determine it's public IP address in order to get around certain NAT problems.
This should have been the killer point. I completely trashes the expert's claim of expertness on the protocol. However, the wording was just too confusing for most people to really understand. I'm not a lawyer so I'm not quite sure what could have been done better, but if possible I certainly wouldn't leave it like this.
In fact, I'd be surprised if Kazaa would operate at all behind NAT if it couldn't determine it's public IP address (although I admit that I don't know why the IP address is there if not to tell other nodes how to route replies). A good question would have been "Have you ever seen anything other than a public IP address
in a Kazaa packet?"
If there is another opportunity it would be a good idea to nail this point home. Really, if the expert can't understand how a p2p program defeats NAT by discovering it's public IP address, then he isn't much of an expert. And if you show that having the public IP in the Kazaa packet does *not* mean it was installed on the computer containing the NIC assigned the address, then really they have no information at all...
The lawyer Objected to 'form' (the way the question was asked) 147 times by my count. There were areas where he did it several times per question and others where he objected to things that seemed straightforeward. A browse on the net shows that this is considered a 'rambo lawyer' tactic and is frowned upon. It is often used as a distraction tactic (try keeping your train of thought when he keeps that up) and to allow discreditation at a later date. I would like to submit as evidence this networking textbook.
Page 103:
Hahahahahaha!!!
All data is speech. All speech is Free.
Embarassingly far down in the document, there's a funny "hear-o"
A. A search on KaZaA can "prop you will gate" from one supernode to another.
I'm guessing he said "propogate"..
Yes, I've even had an idea about how to accomplish this without the usual unpleasant side-effects.
FATMOUSE + YOU = FATMOUSE
This wittness is purported to be an expert wittness in technical matters RELATING TO TRIAL - he is a college proffessor, and supposedly a CTO of a company that purports to find and expunge criminal activity. This is not an unsophisticated wittness. What Mr. Beckerman does here fairly well is push the wittness right from the start into territory where it becomes clear to the reader that the plaintiff's lawyer has briefed him to avoid acknowledging links between RIAA and his own company - then pushes him over into one untennable position after another.
The theme of this deposition is that the wittness is a rubber stamp for the plaintiff's theory, and quite possibly a liar or incompetent to serve as an expert wittness. An expert whose role is to analyz evidence who has never heard the term exculpate, as in "to clear from guilt" is a rather odd image.
Exculpate is NOT a term of art. It is plain english. Read a damn dictionairy.
-GiH
Philosophy at many schools no longer involves an intensive study of latin. You read plato in english translation, and do the best you can to avoid looking to deeply into what 'a priori' really means when you reach Kant. As for the law, law students don't have to learn to analyze latin, they memorize a half dozen turns of phrase that they use alot. "inter alia", "infra", "supra", "stare decisis", etc.
Intelectualism is dead.
-GiH
Yeah, first I was a programer, then I was a philosopher. Now I'm in law school.
Bleedingly simple. They need to provide a more compelling product than what people can get via P2P.
If J.K.R wrote Windows: Puteulanus fenestra mortalis!
I think I know exculpate and could infer inculpate. However you are quite right that you have to be exact before answering the lawyer.
See my journal, I write things there
Found this gem about Steve Gibson at wirelessforums.org:
While he may be right about this issue, you should be sure to check out GRC Sucks before giving him too much credit.
Quidquid latine dictum sit, altum sonatur.
Not trying to be a troll here, but why is knowledge of latin often seen as a requirement for intellectualism?
If J.K.R wrote Windows: Puteulanus fenestra mortalis!
I think he meant public, not republic. There are a handful of typos in the deposition. It sort of looks like the after-effects of a TTS synthesizer in some places (i.e. words have no sense in the context of the sentence but are very similar to something that would make sense in context and only off by a few letters). He's admitting that if a router were connected to the internet that there's nothing stopping someone from having a number of other routers, bridges, switches, etc. behind it, but it is his opinion that there is no router because the P2P network or any other outside party would have to be able to address a computer behind the router running Kazaa and it was never given such an address when Kazaa established the link. It's true that if I go to a computer store and buy a router from Netgear or whatever then that is how it is handled. But what is also possible, and what I think the end of the deposition was establishing, is that if the computer of the woman were infected and just receiving and sending packets and then forwarding them to and from another computer which was abusing that infection, it could be used as a proxy for file sharing. In that case it would indeed be acting as a kind of routing device, but to the Internet at large all of the communication would appear to be coming solely from her PC. As a very simple example, say I write a program that opens two sockets, one to my computer and one to yours and I install this program on your grandfather's computer and it runs in the background and your grandfather never has any idea it's there. Now when this connection to my computer is established, I send data from my computer to your grandfather, and the program on your grandfather's computer then sends whatever data it receives to your computer. And vice versa, whenever the program in your grandfather's computer receives data from your computer, it sends it to my computer. If the analyst for the RIAA went and looked at your grandfather's hard drive and network logs from your computer, he would only be able to determine that there was traffic between the two. He would not have any reason to believe I was ever involved unless he stumbled upon the program I installed. But as he admitted in the deposition, he never bothered to look for anything like that. If it were there, of course he would think there was no router between your grandfather's computer and yours--because in reality your grandfather's computer would be the router. One would think that as part of his investigation he could've bothered to spend ten minutes at least running a virus scanner. But of course if anything turned up it would mean the RIAA had wasted countless dollars and man-hours and he would probably not be asked to investigate for them anymore.
brandelf: invalid ELF type 'KEEBLER'
Bullshit. The file is encoded in ASCII. Just because your browser tells you something doesn't mean it's true.
c++;
The bulk of the testimony seams to indicate that Mrs. Lindor had a Cable Modem. However, Dr. Jacobson testified he wasn't certain if she had a cable modem or a DSL modem. If you look at the tracert log you see the line:
This would lead me to believe that this is likely a DSL address. It is a pretty major detail could really weaken the RIAA case. The exhibit is at: http://www.ilrweb.com/viewILRPDF.asp?filename=umg_ lindor_070223JacobsonEx13
You can run a tracert and find out if you are connected via that router by typing something like this at the Windows XP command line:
or
It would be really interesting to know if any New York customers connecting through a3-0-0-1728.dsl-rtr10.ny325.verizon-gni.net are running DSL or Cable Modems. It might really help the case.
And what does it matter anyway when viewing English text? I had a hunch and looked this up...
From http://en.wikipedia.org/wiki/ISO_8859-1
"The lower range 20 to 7E (the G0 subset) maps exactly to the same coded G0 subset of the ISO 646 US variant (commonly known as ASCII) [...]"
Heck I did not know either: excupate
The hatred for the RIAA here is well-established. Out of genuine curiosity, what do Slashdotters think artists and others who work in the music industry should do to protect themselves from piracy?
First off let us be clear...it is not the artists who are hurt by filesharing....it is the music publishers. The 99% of artists who have not been signed to a profitable music industry contract stand to lose nothing by the free sharing of their music.
Time is what keeps everything from happening all at once.
"Their confidence in their investigative methods is, to say the least, unfounded, as the "expert" upon whom they will call to testify that there was a copyright infringement, admits that (a) he has no clue as to what natural person may have engaged in any uploads or downloads, (b) he has no clue as to what methods the investigators used to get the materials upon which he bases his opinions, (c) he has no clue as to whether the investigator's methods have ever been reviewed or tested by anyone, (d) his own methods are entirely self taught and have never been reviewed or tested by anyone, and (e) there are no standards or controls. (Exhibit F-Excerpts from deposition of Dr. Doug Jacobson, February 23, 2007)."
I've had some limited experience with them and I have to say that they generally fail to explain anything, and what they do explain they explain in an efficient way. Because the nature of the proceeding is that they are getting information from this one guy, and most people involved don't really understand the issues involved, there generally are a lot of concepts to explain. However you cannot let the person being deposed, or an independent expert, come and give a briefing on say, the OSI model or how packet transmission and routing is done. As a result the attorney asks a question the expert they hired came up with, but doesn't really understand what the question itself means. Them the person being deposed has to explain the question, and then answer it. Since from the enquirer's perspective this is all part of the answer they can easily get bogged down questioning the facts and not the testimony. Or just fail to perceive the difference between them. From an attorney's persective the problem with experts is that only experts actually understand them. As a result, a bunch of enquiries that most of us could have made conversationally in the course of about 20 minutes were filtered through a bunch of interrogatory lawyer talk and confusion and revealed much less in more time. Overall I think the expert held his own pretty well, since he was only really being deposed on the individual reports, and each one seemed internally consistent as far as I could see.
It might be OK as long as the services offered are within the regulations. The specific guidelines are part of the Texas Administrative Code, Title 22, Part 6, Chapter 137, Subchapter A, Rule 137.3
Rule 137.3
Excerpt:
(A) offer to perform engineering services to the public;
(B) use the designation outside the scope of 1001.057 or 1001.058 to convey the ability or willingness to perform engineering services or make an engineering judgment requiring a licensed professional engineer.
I wonder why kazzaa includes the computers NIC ip in conversation with other nodes. This strikes me as creepy.
Probably so that if there's a discrepancy between the two, the other can show a warning next to the address indicating that it's probably firewalled.
He's referring to the nameserver addresses that are supplied to the computer as part of the DHCP configuration information.
Since when does filtering have many differnt meanings?
Well, there are at least two that are vaguely relevant to the field -- one being to strip out part of a signal that is unwanted (which is clearly what was intended here) the other being to transform a signal in order to change its qualities (e.g., applying an averaging filter to remove noise from an audio signal).
Seriously, I had never heard of that word either. It was kind of lame that the lawyer spent so much time drilling him on it.
He's a professional expert witness. Expert witnesses, among other things, are generally expected to have at least some knowledge of legal terminology.
Comment removed based on user account deletion
u shd watch the fox reality quiz show, r u smarter then a 5 th grader. one constestatn, ID as an amer hist grad from usc, did not know the 1st american prez to be impeached.
/. coulnt see the forest if the trees were all cut down and turned into paper billboards of forests...
and u r proud of your status.
unbeleivable.
and , u will probably object to my spelling errors, typical
There seems to be a lot of mis conceptions on /. about how the legal system works. read "A civil action" and pay particular attention to the evil smart harvard lawyer (I forget his name, starts with an F i think)
This guy is clearly a rent a genius, and one of the tricks he uses to completely foils the opposition is the psychological effect of objections...
also pay attention to the two experts in the case; both are international renowned academics and total jerks.
remember OJ and the glove ?
the point is, that in these legal cases where 10s of millions of dollars are at stake, it is the norm, not the exception to have totally incompetent witnesses, and totally lazy defense lawyers; after all, if the RIAA is paying you 500 buck s an hour plus exspenses, u gonna work hard or cruise ? It may sound surprising, but in a lot of cases large companies get taken to the cleaners by their law firms
This right here is exactly how to attack his testimony.
:]
From this, you have that this testimony is not based on any sort of science, no one has any clue how reliable it is, and it (should) be totally inadmissible in court.
And if he tries to say "well, but how could we connect to someone who wasn't sharing a file?" or something like that, I'd go down the route of just how you identify who is behind any given IP.
I mean, if you traced the IP I'm on right now, I guarantee that you'd find someone else entirely
If you do not already know, Verizon is a phone company. As such, it does not offer a cable internet service. This would conclude that she was using DSL. There address information collaborates that.
6 Q. What type of internet service was
7 used by the computer that MediaSentry was
8 interacting with?
9 A. There wasn't enough information from
10 Verizon to indicate whether it was a cable modem or
11 a DSL.
12 Q. So you don't know?
13 A. No.
The fact that he does not even know something as simple as whether a major company such as Verizon does not even offer a cable internet service and therefore does not use cable modems, pretty much discredits him.
Either it was a function of the attorney's inexperience, or it was a function of a calculated attempt to use up the limited time we had. (I'd agreed to end early since Dr. Jacobson had an afternoon flight to catch.).
Ray Beckerman +5 Insightful
Well you're more of a lawyer than his lawyers are.
Ray Beckerman +5 Insightful
No, I wasn't talking about the specific type of objection seen here. I was simply saying that objections in depositions are not uncommon.
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
Interesting thought. Thanks.
Ray Beckerman +5 Insightful
I'd say that's the wrong question. The real question is "do you have any information suggesting that it IS correct?"
A reasonable expert!? I doubt that I qualify as an expert, even if I probably know as much about the technology as he does, but there's no way I'd rely on some letter that gave no more information than "that IP belonged to that subscriber at that time"
In other words, while I don't think I'm an expert, there's no way in hell I could rely on information like this.
That said, I really don't understand this line of questioning:
Private IPs like that wouldn't show up in anyone's logs, unless the logs were taken from the same LAN. Instead, whatever router you were connected through would likely have a public IP. So the setup would be something like:
[ PC | Internal 192.168.1.100 ] [ Router | Internal 192.168.1.1 | External 1.2.3.4 ] [ Internet ]
As you can see, the PC has a hidden internal IP, while the router has two IPs. Anyone on the internet will see all connections originating on the PC as coming from the router. A more interesting thing is that ALL connections through said router will come from that same external IP (1.2.3.4 in my example). This is especially true if you have an open wireless connection--to the outside, ALL the people connected through the router look the same.
If you need more information on such addresses, here's a good article on Wikipedia with the basics, and RFC 1918 if you need the technical details. There are also Zeroconf addresses, too (see RFC 3330 and RFC 3927), but those don't appear to be at issue here.
This is flat-out wrong. Yes, you CAN find the OUI that might well give you enough information to find out who made the hardware. The problem is that you can change the whole damn MAC address. Conveniently, Wikipedia even has instructions on how to change your MAC on many OSes, although there's an illustrated guide on changing your MAC, elsewhere.
This guy may know a bit of programming, but this kind of stuff makes it pretty clear to me that he has no idea how people can and do manipulate information. It's pretty clear to me that he's done little more than investigate only those things which might support their case and has completely ignored anything which might cast doubt upon it.
Is this the new word for "lie"?
Why is he not already IN JAIL for PERJURY?
Don't thank God, thank a doctor!
Someone could also pull the dialup info out of someone's trash and use it for free internet. This is common. It can also be guessed. A computer with a modem can be configured to dial up the server and try permutations repeatedly until it gets a correct username and password.
Any other kind of connection can be wireless, using the "DMZ" configuration option of the wireless router to specify which computer gets the world visible ip address. It is often possible using the default account and password of the wireless router to configure this remotely. The other hosts connected to the router would get NAT translated addresses, but the DMZ host would use the real IP address. A person who is using your wireless access point to share files might do this to improve the network performance. A novice would not even begin to know whether any of these things had been done to their account, and I saw no information that the expert looked for any of them.
If I trade cable modems with my neighbor (or they were switched accidentally) I believe we would each also be logged as the other. The cable company cannot and does not identify which signal comes down the wire to my house. They use serial numbers embedded in the products to identify which user can access the service and when to disconnect it.
In short, an ip address signifies nothing, even which device on the network is talking. It does not mean what this "expert" seems to think it means. The logs of the service provider, even if they were as accurate as physically possible, do not rise to the level certainty required of evidence.
If this is all the RIAA has to go on, it's time to go for their assets.
Help stamp out iliturcy.
Two lawyers, discussing an aspect of law, on Slashdot.
Do we even allow that kind of thing here?
I am TheRaven on Soylent News
I'm not an English major either. I have a BS in mathematics, in fact. But even I know what inculpated and exculpated mean.
That said, it probably would've been faster to explain it to him. But it's not like he was playing the game that TV crew did for Leno or someone when they went around asking people what they thought about when they masticated (mastication == chewing, BTW).
There, at least, I can imagine that he's trying to clarify whether "filter" means "block" in this case. From the testimony (if, indeed, any of it can be considered reliable), it would seem that their software merely detects (or attempts to detect) copyrighted songs by sniffing the network, rather than blocking their transmission.
That said, the whole exchange is pretty ridiculous. I'm wondering--will MediaSentry (and whoever else) even be required to put forth a qualified expert on any of these matters? I hope Ray finds the right people the subpoena or uses that special type of subpoena that forces the other party to designate one or more people to answer a question to prevent exactly this sort of game where someone ought to know what's going on, but no one does.
Anyhow, I have no idea what the RIAA is going to do in court when their own witness said they couldn't find any copyrighted material, and yet they refuse to be open to the idea that it was someone else who was the actual infringer.
Thanks.
-Em
RelevantElephants: A Somatic WebComic...
If you don't think there is a difference between /. and expert testimony in court, perhaps you could explain why?.
Ray Beckerman +5 Insightful
12 Q. Do you have any idea why the case
13 hasn't been dropped by now?
14 MR. GABRIEL: Objection to form.
15 Lack of foundation.
16 A. I don't get involved with -- so no.
If we take for granted that the evidence offered by expert testimony is not persuasive to most who understand the technology at stake, I can only imagine the RIAA thinks judge and jury will find it persuasive that the kazaa username on the mediasentry screenshot is "jrlindor." Does anyone else worry that the RIAA can win without providing technical evidence of infringement, but still achieving preponderance of the evidence?
the weakest point in any action against a file-sharer that's based upon an ip address capture is the fact that an ip number - leaving aside for the moment whether or not the isp got it right initially - in no way shape or form indicates if the defendant was operating the computer at such time as the ip capture was made. it's somewhat analogous to the robo-cop radar detector slash cameras communities increasingly use to prosecute alleged traffic violators, in that they provide a picture of a car and a license plate number but precious little else of importance - i.e. who's actually behind the wheel. using the hacker analogy for instance one could mock up a phony plate, put it on a rental vehicle similar say to a car the govenor's wife drives and blast through a red-light at three am just to cause mischief - and if she happened to have actually been near that area at that moment the mischief might be considerable - especially if the outline of an "interesting passenger" was resolved by the traffic cam. automatic traffic cops leave a lot to be desired in other words, and so do programs that purport to show by proxy who's doing what and when with a computer. i wouldn't predict the leanings of judges (who seem to either accept too much at face value or too little) or the sentiments of juries, but it would seem to me that the vein you mined with dr. jacobsen as seen in pages 22 forward, "have you formed an opinion as to whether marie lindor personally uploaded any copyrighted files to anyone," and to which the dr. clearly and continuously waffled, is an area of massive vulnerability for the riaa and a point upon which you should continue applying pressure. this to me is the issue that may resonate the most among people with common sense. - js.
...I really don't intend this to be a flame, but I have got to tell you, if you're going to be a pretentious bastard about the meaning of a word, you have got to at least spell dictionary right. Yes, my spelling sucks. And now you know why Mr. Beckerman beat the witness up for failing to know the meaning of a common term. Taken on its own, it's petty.. lumped in with a series of more substantive attacks, it's just one more grain of sand on the scale. Yes, he's splitting hairs. That's what lawyers do. If one of your Profs puts 12 issues into a final exam, and you discuss 10 of them masterfully while dismissing the other two as (in your opinion) "petty".. does that help or hinder your pursuit of A's?If Mr. Beckerman were to draw this out at length in court, the judge would probably side with you.. but there is NO reason not to explore everything the witness says carefully and thoroughly during a deposition.
By the way, what IS the meaning of "is"?
-GiH
Didn't he say he does not get paid for this? That's a lot of work. (well, at least 45 minutes x 200 ;-)
On the other hand, if he is getting paid it's got to be a pretty nice revenue stream for him.
4 with fake content?
6 A. I don't have any firsthand experience
7 with that. Either he is not an expert on Kazaa or this is deliberate lie.
Given the proportion of deliberately mis-labelled (fake) files on kazaa the probability that an expert or even a casual user might never encounter any is virtually zero.
I see a couple of potentially significant details that got left out here, or that, after reading the deposition, I missed in other people's comments. (Disclaimer: I have no certifications, nor am I a lawyer, so there is no more validity to my comments than those of the RIAA's expert)
1. There seemed to be an assumption that the only type of wireless access point in use must be a router or NAT device. There is no basis for that assumption. A wireless access point need not act as a router or as a NAT device. It could merely change wireline Ethernet to 802.11 physical layers. In that way, an "unauthorized" wireless connection could get the DHCP address provided directly by the ISP, and connect with that IP.
2. I'm not sure how far down the distinction I would go with the cable modem vs. DSL argument. In some cases, connection via DSL requires PPP tunneling software install/configuration on the actual computer. That argument could actually more closely tie the defendant's computer to the records captured. That can be circumvented by configuring the PPP tunnel on a router/firewall/NAT device, allowing the computer to be left unmolested. However, on general principles, Verizon also offers a cellular modem option for connecting to the Internet. That's at least 3 "broadband" methods of connecting.
3. I really appreciated the thrust of the the questions that looked to establish if there was any evidence that directly tied the actions of the defendant as an individual person, to the actual act of file sharing from that IP address. Can those questions be repeated for "yes or no" answers in court? Could the RIAA shift their argument to suggest that the defendant, as "owner" of that Internet connection is responsible for the use of that connection? I believe that holds for companies and corporations does it also for individuals?
4. My goodness, the "clarification" questions from the expert's lawyer (RIAA/Plaintiff's lawyer?) were entertaining. There are industry recognized certifications for computer security and forensics personnel. GIAC comes to mind. Perhaps they have some documented standards of forensics that might be appropriate for refuting this "expert's" claims that his methods were reasonable and would be accepted by other professionals in the industry. Just from talking to the IT Security department within my own company I get the impression they'd document their investigation of a single virus on one computer more carefully than this guy did with a legal case.
All of that said, I'd like to pass on a big THANK YOU to NewYorkCountyLawyer and the other lawyers involved for the defendant for actually fighting this one. I have this dream that the defendant winning a lawsuit like this will open the floodgates and pave the way for not only ending this tactic, but to provide the fodder for a slew of suits against the RIAA that eventually bankrupts the cartel and serves notice to the MPAA, etc. that this kind of crap just won't fly, and DRM will suddenly go away, and the heavens will open, and...OK, but a guy can dream, can't he?
----- Connection reset by beer
Darn, you stole my point. But to add to that for those that want to see this in action (hey, the RIAA likes screenshots, right):
See Here, or here, or just here
You've got one card allowing you to set or clone (copy from the connecting machine) a MAC address, another allow to type in the MAC segments, and then a bunch of google results in general for the interfaces to this.
And this is just for routers, mind. It's also quite easy to spoof MAC using windows, easy on linux/BSD using ifconfig, or see here for info on all the common OS's.
So what can you do with this?
Well with a router it makes it easy (as mentioned in the parent) to configure so that the ISP thinks a given PC is connected... thus skipping the issues when you have either the computer or the router plugged directly to the DSL/cable modem.
With a PC you can test various DHCP settings, pretend to be somebody else and nab their IP (the dhcp serving machine will generally assume you are whomever your MAC states you are), get onto MAC-secured wireless, and many other things. There are plenty of legit uses, but certainly many other cases where one an online "identity" could be easily misrepresented.
Well, a NAT is a physical device. When functioning as such it will have two IP addresses -- one on the local network and one on the outside one. Contrary to your beliefs, TCP/IP packets only have one "source address" and one "destination address" fields. As an outgoing packet transits the NAT, the device overwrites the source address with its own (global internet-) address. When an incoming packet arrives, the NAT replaces the destination address (which is the NAT's global Internet address) with the correct local address and forwards the packet to the local network. In particular just by looking at the TCP/IP headers of a packet on the internet there's no way to tell if it was modified by a NAT or not.
What you need to understand is that the NAT does not use any addressing information in the packet header to tell which local computer the packet should go to. Rather, all this decision-making is internal to the NAT. The device keeps track of the connections the local computers have to the outside world (via port number etc). Depending on the port and the connection the packet belongs to it knows which local computer it is representing for the purposes of this particular packet.
I have two issues with this bit. The first is small, it seems that the real question used "her" instead of "Marie Lindor" which was edited in afterwards, that is forgivable as a transcription issue. The second is more important. He says "second-to-last" but the word being discussed is not "her", it is the preceding word "inculpated". This tells me either there is a serious transcription error here, or both Q and A are using/taking "second-to-last" to mean the word third from the end of the question, which is almost certainly wrong.
...but I have to call bullshit.
Beckerman wants to paint Jacobson as an RIAA whore but Jacobson flat out stated that the computer whose hard drive he examined was not used to share MP3s, which blows a huge hole in the RIAA's case. He didn't have to say that. He could have said he didn't find any evidence, but it's possible that *yada yada yada*, and no doubt the RIAA pushed him to say just that. I can see why he doesn't get much work as an expert witness. When I pay good money for a whore I expect her to suck and swallow.
Jacobson made a good argument that NAT wasn't used which Beckerman failed to rebut and then Beckerman continued to talk about NAT as a red herring. Some here claim to have rebutted Jacobson's argument but it's really beside the point. If Lindor had a wide open wireless router she can take the stand and say that. If she won't then any NAT-related arguments are just an attempt to baffle the judge/jury with bullshit.
As for the clock skew claim, Lindor's lawyers could subpeona Verizon for information about when the IP address was assigned and for how long. If they haven't done so it's because they already know the answer and it won't help their client.
Belittling Jacobson for not knowing what "inculpate" means was childish. My SATs were over 1400 under the old system and I attended an ivy league school, but I have never seen or heard the word "inculpate" before today. I was able to guess what it meant from the similarity to "exculpate" (before Beckerman mentioned it), but you can be damn sure that if had to answer a question under oath that contained a word I never heard before I would ask what it meant and not rely on guesswork.
Here's what I think: Lindor is innocent but she allowed the guilty party to use her internet connection and is covering for him/her. The RIAA is leaning on her to get her to cough up a name.
AT&T is a phone company, but they did offer a cable internet service before 2003 when Comcast bought it. You didn't know that? Well then I guess you just discredited yourself.
Something you might want to look into: the expert claimed that the hard drive he examined was NOT the one involved in the infringing. How can he tell? The entire hard drive could've been overwritten many times either through ordinary use or by an intentional effort to remove previously recorded and deleted data. There are consumer software products designed to securely erase data, along the lines of Norton Wipe, but better, as I think Wipe (at least, old versions of Wipe) merely overwrite with 0's. A user might use such software as part of an effort to remove malware in hopes of avoiding having to reinstall Windows. (Wiping the free space probably won't solve a problem with an infection, but users have been known to try many a thing in hope that it will.) A user might have reason to do so because of P2P-- might've received a virus through P2P and accidentally ran it. Didn't the expert say that hard drive had a fresh install of Windows? Seems he could've been examining the correct hard drive, but thanks to significant alterations of the contents, it wasn't possible to tell for sure. However, sounds like this expert didn't even try! He made no mention of having used anything more than a hex dump of the current contents.
Typically, data is never actually erased. Instead, data is left intact until overwritten (if ever) with fresh data. Suppose some file "F" is deleted. All that really happens is that the parts of the disk containing the file system's information about F are updated to indicate that the part of the disk where F resided is now free. The contents of F are not actually erased. The part of the disk where F was may eventually be overwritten at some future time with some other file's data, but that's a matter of chance. This expert's method of dumping the contents is hardly better than the old MSDOS undelete command! He would find F if it hadn't been overwritten but not otherwise. Anyone who remembers using undelete will know that if you undelete right away before you do any act that writes something to the disk, you'll get your file back. But the more writing activity that happens before attempting an undelete, the greater the odds the spot where a deleted file was will be overwritten, making undelete impossible. I've heard there are ways to read data that has been overwritten, and that if you want to really securely erase data, you should overwrite it at least 10 times, and overwrite with different random garbage each time, not all 0's. But it doesn't sound as if this expert employed any forensic technique to read overwritten data. All he did was examine the current contents. The only deleted data he will see with such an examination is only that which escaped being overwritten. If so, then he could not tell for sure whether free space on that drive had been cleaned up with Norton Wipe. This expert couldn't even say whether Windows had been installed more than once on that hard drive!
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
Not trying to be a troll here, but why is knowledge of latin often seen as a requirement for intellectualism?
Because medieval European elites saw Rome as the pinnacle of civilization and sought to emulate the Romans in all ways.
AT&T is not just a phone company, it has offered a variety of services for years including satellite. Before that, cable tv and internet services allowed by acquisitions of other companies.
Probably an A.
Do you think he does a better job for his regular employers than he does for the RIAA for a MUCH higher hourly rate?
Tech Public Policy stuff
I attend Iowa State, and it's embarassing to see the school's name associated with the RIAA.
Could anyone clarify what the incessant "objection[s] to form" are, and what the purpose is in raising them so often? Is it a very literal objection to the structural form of the question, or something more arcane?
--- "No matter who or what, a box of flowers is better than a smack in the belly with a wet fish." --RAH
The fact that MediaSentry performed the traceroute over a year and a half later should be noted. The RIAA alleges that infringement occurred on Aug 7, 04, but the traceroute is dated Mar 13, 2006. Given that ISP's assign IP's dynamically, there would be very little to no chance that Ms Lindor would still be assigned this IP. IT infrastructure and equipment also changes, given that almost 2 years have passed in the interim.
It looks like a significant problem exists here. Specifically, I just looked up the DHCP addresses from the computer present on a handwritten note (Exhibit 17) http://www.ilrweb.com/viewILRPDF.asp?filename=umg_ lindor_070223JacobsonEx17. Those DHCP servers are from CableVision. I am assuming that CableVision is a New York cable company???
It looks like Mrs. Lindor's computer was configured for cable modem access. Accusing her of downloading files over Verizon DSL with a cable modem is a bit of a stretch ...
Language does not allow for one for one conversion like an exchange from decimal to hexidecimal - the value of the work is lost or altered in the transition.
-GiH
Umm, it is ASCII. Since no characters are used outside of the printable, 7-bit characters, it is ASCII, UTF-8 and a whole slew of ISO8859 encodings, all at the same time.
Get over yourself.
There are no tiger attacks in my area and it's all because this rock I'm holding keeps the tigers away.
... I would often be assigned the same IP address multiple times, sometimes consistently for several days running. (I kept logs, and sometimes I'd check.) Might have been because I was in an area that had relatively few users. Also, I generally used a leased POP (not one owned by my ISP), so my IP address would come from the backbone's pool, not the ISP's own pool. AOL, Earthlink, Juno, NetZero, and a bunch of smaller ISPs all used these same leased POPs, and relied on the user's login prefix to tell which ISP the user belonged to. (Frex, an Earthlink user would log in as "ELN/username", not just "username".)
Dunno if that's useful info to you (and it's everything I know about it) but there ya go anyway.
~REZ~ #43301. Who'd fake being me anyway?
In fact he gets paid $200 an hour.
Ray Beckerman +5 Insightful
"but my distinct opinion is Ray Beckerman is a dick."
I object!
Lacks foundation.
Well then, I'm guessing you won't be on his Christmas card list this year. ;-)
Well actually I thought this experience was beneficial to him, and that I did him a favor. He has perhaps learned that he's been playing a game he shouldn't be playing, and now he can go back to trying to find some honest work.
Ray Beckerman +5 Insightful
Defending P2P users from the RIAA mafia makes Ray a dick? Go back to playing with your lightsaber and leave the decisions to us adults.
Ray Beckerman +5 Insightful
...quicker, easier, more seductive the darkside is...but more powerful, it is not.
Yah I was thinking something along those lines as well. Basically the prosecution would have to show what version of the Kazaa software they believed the defendant to be using and then show that option was not available in that version. I have no idea if it was avail or not at the time, however as it is an option today you would have to find that out. Of course that brings an interesting point, it's been a few days but I'm not sure the MediaSentry logs report the version of the client in use. If they don't then they have another problem as Kazaa was not found on the defendant's computer to get a version, even if it had been the version found on the drive at the time of mirroring would not necessarily be the same as at the alleged time of infringement.
yeah, IANAL and all that jazz, don't believe me, look it up for yourself.
As I recall from watching too much courtTV, a court reporter types up the transcript using a specialized device that loosely resembles a typewriter. It's been a while since I've looked for modern versions, so please let the forums hordes correct me if I'm wrong, but I remember a 'keyboard' layout that was based on phonics, NOT individual letters as most computer users are used to. One of the transcript 'errors' that someone pointed out above was a phonetic spelling of the intended word, the court transcriber was likely in a hurry and didn't know that particular word.
Try this at home, kiddies: have a friend read an excerpt from your favorite book, and try to type what your friend is reading into your computer. Now to make it like a courtroom, you must have a rule that you cannot let your friend pause or slow down while he is reading so that you can catch up with your typing. The fact that you can't keep up with your friend is why court transcribers use a phonics based entry system.
Oh, yeah, for 'on-topic'.. I think NewYorkLawyer just swiss-cheesed some 90% of all RIAA suits. All the RIAA can prove with their 'evidence' is that some IP address was associated with a P2P network data-packet.
They have consistantly failed to prove that a specific individual delibrately and with malicious intent did violate copywrite laws by 'making available' copywrite infringing work.