Slashdot Mirror
RIAA's 'Expert' Witness Testimony Now Online
NewYorkCountryLawyer writes "The online community now has an opportunity to see the fruits of its labor. Back in December, the Slashdot ('What Questions Would You Ask an RIAA Expert?') and Groklaw ('Another Lawyer Would Like to Pick Your Brain, Please') communities were asked for their input on possible questions to pose to the RIAA's 'expert'. Dr. Doug Jacobson of Iowa State University, was scheduled to be deposed in February in UMG v. Lindor, for the first time in any RIAA case. Ms. Lindor's lawyers were flooded with about 1400 responses. The deposition of Dr. Jacobson went forward on February 23, 2007, and the transcript is now available online (pdf) (ascii). Ray Beckerman, one of Ms. Lindor's attorneys, had this comment: 'We are deeply grateful to the community for reviewing our request, for giving us thoughts and ideas, and for reviewing other readers' responses. Now I ask the tech community to review this all-important transcript, and bear witness to the shoddy investigation and junk science upon which the RIAA has based its litigation war against the people. The computer scientists among you will be astounded that the RIAA has been permitted to burden our court system with cases based upon such arrant and careless nonsense.'"
I saw something in the transcript that I wanted to point out before anyone else here criticizes Jacobson on it:
Q. By what body are you certified as an engineer?
A. By no professional society.
Q. No professional society? Is there any organization that has certified you as an engineer?
A. No.
Q. Are you part of any peer regulatory body?
A. I don't quite understand what you mean by --
Q. Are you part of any body the members of which are peer-regulated?
A. Can you give me an example of what you are --
Q. A lawyer, an architect, an accountant. I thought an engineer had to be certified by a peer-regulated body.
A. To be called a professional engineer they do.
Q. So are you not a professional engineer?
A. I do not have a PE license.
Based on his Jacobson's research page. It looks like Jacob's, a professor "on the faculty of Electrical and Computer Engineering", is a computer engineer. Given that, the above statement is totally understandable As a computer engineer myself, I can say that it is *EXTREMELY* rare for a computer engineer to be a licensed PE. (Not a single computer engineering professor in my University is). PE's are common in engineering professions where somebody needs to sign off on the final product - civil engineering especially, and mechanical engineering to a lesser extent.
To make laws that man cannot, and will not obey, serves to bring all law into contempt.
--E.C. Stanton
Respect to you Ray.
I've seen you take a lot of flack for your efforts to keep us all abreast of the proceedings, of issues that should concern us all.
And it's nice to see that the community could have been of help.
All the best.
"There is nothing nice about Steve Jobs and nothing evil about Bill Gates." - Chuck Peddle
This guy comes to the conclusion that it was the defendant's computer, even though there is no evidence from hard drive forensics, and he says there is no wireless router since the IP was registered to the house.
Also, he kept no records of the forensic analysis, and he is always trying to pin the idea that an IP address is a computer, even though it's obvious he's avoiding or twisting questions, even to someone who isn't so technically inclined.
For me to say why he was doing it would be speculation. My guess as to the reason: inexperience.
Ray Beckerman +5 Insightful
Not to mention that he maintains he can trace the IP address back to a specific ISP account and computer (emphasis mine). Unless he's a Peeping Tom with a web-cam in the defendant's house, the RIAA should be demanding their money back from him.
Oh, and then there's the place where he maintains that at the time the computer was imaged many months afterwards, that there was no wireless router in use at that time Media Sentry "discovered" this "infringer". Is there a log that keeps records of every IP address you've ever connected with?
And I have to laugh at how he refers to "registered" computers. I thought he was talking about gun registration, or some such thing. I've never heard of my own computer being "registered" to anything. Is this another invented RIAA term, like "Media Distribution System"? Has anyone else ever referred to KaZaA, or any other P2P program, as an MDS? Ray, you can't be letting the RIAA frame the terms of the debate to ignorant Judges.
And don't miss the parts where he says he didn't actually document any of his findings because there was nothing to find, however, you should go through your own copy of the disc to verify my Registry findings that no wireless router was in place. He's supposed to be the expert, and he wants the defense to replicate his findings in the Registry??? Are there any registry experts here? Probably a few, but not many. But he assures us it's there.
Biggest thing is that he says that no KaZaA was present, nor any infringing music files. The only way the RIAA can respond is you sent us the wrong hard drive. No question that the person in question might have actually been innocent. RIAA -- You Bastards!
Glad to know that we helped, Ray! Keep fighting the good fight!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
This is not an option nigger, share the file or we have a problem.
The RIAA lobbyists have been a busy lot. On Friday, they got the Copyright Review Board to grant them a fee based system that will essentially shut down the majority of small Internet Radio stations. Way to go boys. Bring on that corporate commercial media. http://www.radioparadise.com/ http://www.save-internet-radio.com/2007/03/02/save -internet-radio/
I'm currently studying for the spring Fundamentals of Engineering exam (FE). After taking this exam and working in the field of engineering for 5 years, you can take the Professional Engineering (PE) exam. Its not the easiest test in the world, and its a big pain in the arse. That said, I think a computer science student would have a particularly hard time with it. The morning session (general) is composed of several subjects including chemistry, strengths of materials, physics, thermodynamics, fluid mechanics, a small ethics session, etc. Basically all engineering knowledge known up to 1935, updated to the modern day. Everyone has to take the general session, and I think Comp sci students would struggle with it.
The afternoon session is a choice between mechanical, electrical, civil, (chemical?) engineering. I think maybe comp sci students could take the electrical and do fairly well on this half. The PE exams are very similar (identical?) to the FE exams, but it has been 5 years since you have been in a classroom so they are considered harder just for this reason.
As for the term "Computer Engineer"; in the 1800s a group of very smart men began doing different things with Natural Philosophy. They were so different that they thought they needed a new title for what they did to separate themselves from the natural philosophers. Eventually they went with the title "scientists". Perhaps a new title is needed for "computer engineers" because it doesn't seem to fit very well.
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
I think many of his students will be appalled at the actual contents of his testimony.
For example, he teaches a course in "Information Warfare", the entire thrust of which is that the internet is dangerous and insecure in the extreme. He teaches students all about the infinite numbers of vulnerabilities.
Then he testifies that he forms an opinion in 45 minutes based upon some printouts from an investigator who pulled down some screenshots from the internet.... with no verification whatsoever.
And that he's give about 200 such opinions. And so far, 200 out of 200 concluded, without reservation, that there was indeed copyright infringement.
What kind of grade would he issue to a student who handed in work like that?
Ray Beckerman +5 Insightful
He's submitted sworn reports... around 200 of them. But no defendant's lawyer has ever brought him to a deposition before this.
Ray Beckerman +5 Insightful
After reading that all I can see if the guy evading the question, flat out denying truths, agreeing with them in limited fashions, constantly playing dumb. His investigation methods are borderline incompetent, after reading that huge PDF I could only say he should not be allowed to be a whitness in any case I mean I'm a third year computer engineering student most of my course emphasis has been on networking and hardware rather than this sort of thing but I can see huge holes in his logic.
1.Doesn't verify his sources Beckermans point about "are mediasomethigns and verizons clock synchronised" is a good one espeacially when you consider his point about the nature of IP address's, at the very least he should have requested the lease time of that IP (so when did the subscriber start using the IP and for how long) to verify that the information had a chance of being correct.
2.No set method, the lack of reports and the fact he never made print outs suggests he doesn't have a set method of investigating, which personnally would make me question his investigation techniques this results in a whole list of problems:
2a.means no evidence supporting the defendent was kept, in effect his not impartial and also hurts the defense 2b.suggests he makes it up as he goes along, a "what seems a good idea at the time", as you can clearly see he's missed out on some issues which are important, like confirming the MAC address of the machine and its method of connecting to the internet.
3.Deliberate attempts to twist what hes saying or not sticking to the question an example would be towards the end where he starts talking about IPV4 and finishs with IPV6. I don't know how either works exactly but he should have talked about both seperatly, the use of both at once means he could be dilibertly hiding stuff, when was IPV6 rolled out anyways? Anouther example would be his linking IP address's directly to a PC, no matter how many times Beckerman tried to get him to admit that when accessed through a router the IP address given to the outside world is the routers not the individual PC's. 4.Lack of actual investigation, now I'm not sure what he was exactly hired to do but by the looks of it RIAA hired him to prove and be a whitness to say that a person used Kaza to download and share music. Hes not done that, hes investigated the drive he was sent found no traces of Kaza on it, or any MP3's (I think he indirectly said this) rather than investigate possible explanations for this, for example did the person own two pc's, did they connect to the internet through a router, could this router have been compromised (perhaps unsecured), perhaps then look for security vulnerabilities to see if it was a zombie machine, or for other security problems. Then if he couldn't prove any of that attempt to verify that mediashares information was correct, check it and check verizons and then attempt to co-oberate that information somehow, for example attempt to obtain the MAC address from the hard drive and from mediashares packet information in otherwords to link them up. Otherwise all he can actually claim is that "The pc in question when inspected did not have the Kazaa program on it at any time, nor does it appeared to have or have had the media files that mediasomething accuse the computer of having" His conclusions from his investigation lack any form of imparitality and it appears that he was unwilling to give any real unbiased opinion.
personnaly after reading that disposition I would seriously call into credibility as a expert or even as a whitness. I'm sure better people than I could take apart his disposition its 3am here I'm tired but those are the things that come to my mind at least
From p. 88:
Q. But you don't know whose computer it actually was, do you?
A. No.
Q. But your report said it was defendant's computer, so I think you will agree that that's an imprecision in your report.
A few unhelpful observations.
This is my first real-life encounter with a deposition, and I've gotta say it's quite fascinating. I like how the opposing lawyer relentlessly objects to nearly every single question. And how Mr. Beckerman's first goal seems to be to show that the "expert" has a financial interest in what he's been claiming, coupled with that expert's bizarre claims that he doesn't have the foggiest idea about the commercial reality surrounding his work. For example:
I'm not sure how you can have "no idea" whether the RIAA is pleased, furious, or otherwise about the fact that your company is creating anti-P2P products, while being simultaneously "sure" that your company is referring to the RIAA in its press releases to help sell its products.
This is funny, too:
I should buy some cement.
IANAL, but I understand that there are standards for admissibility of scientific evidence, and the questions quoted below (and several that follow) cover them. The most recent ruling is called "Daubert."
Whatever this witness has to say based on his methods is useless because the methods have not been generally accepted and/or there are no peer reviews or tests of the methods' accuracy/reliability and no known level of accuracy/reliability.
Q. Has your method of determining from
the MediaSentry materials whether a particular
computer has been used for uploading or downloading
copyrighted works been tested by any testing body?
A. Not that I have submitted.
Q. Do you know anyone else that is using
your method, other than you?
A. Not that I'm aware of.
Q. Has your method of determining
through the MediaSentry materials whether a
particular computer has been used for uploading or
downloading copyrighted works been subjected to any
form of peer review?
A. Not that I'm aware of.
Q. Has your method of determining from
the MediaSentry materials whether a computer has
been used for uploading or downloading copyrighted
works been published?
A. No.
Q. Is there a known rate of error for
your method?
A. No.
Q. Is there a potential rate of error?
MR. GABRIEL: Object to the form.
A. I guess there is always a potential
of an error.
Q. Do you know of a rate of error?
A. To my process, no.
Q. Are there any standards and controls
over what you have done?
A. No.
Q. Have your methods been generally
accepted in the scientific community?
A. The process has not been vetted
through the scientific community.
At first I thought that was a lawyer-lawyer jibe and he was about to ask if the other lawyer wanted to chase it. But it was almost that good anyway:
MR. GABRIEL: Why don't you wait until the ambulance passes.MR. BECKERMAN: I don't think we --
MR. GABRIEL: It may take a while.
MR. BECKERMAN: This is New York, Richard. This isn't Denver. We could be here all day.
MR. GABRIEL: Just try to keep your voice up.
Chernobyl 'not a wildlife haven' - BBC News
As I interpret it, the summary is that the guy inspecting the hard drive appeared to have no formal qualifications, his methods were not peer reviewed, he was unaware of the exact methods and procedures of the software he had been using to identify the user or examine the hard drive, he could not testify that although media appeared to be shared it had actually been downloaded by any person (other than the software looking for copyright material), although he examined the disk he didn't actually document any of his findings, that he was not aware if the time of IP address allocation and the IP address to account lookup that Verizon did was actually correlated/synchronized, that he was unaware of Verizons' procedure for looking up such data and if it was free of human and/or mechanical errors, that he didn't know what the IP allocation time was or how many times this dynamic IP address had been allocated that day, that he himself teaches classes involving spoofing, that there were 3 user accounts on the hard drive that he examined, and that, assuming the information from Verizon was accurate, he had no way to actually show which particular person had been using the computer. Further, he conceded that it was possible to compromise and control a computer remotely over the Internet, and that he had not investigated if this had actually occurred. A document was also referred to in which it was shown that P2P applications often scan users hard drives and share media on installation, and many P2P users are not aware of which files on their computer are shared, even when their whole drive may be shared, including personal documents. It was also stated that P2P applications can run in the background, e.g. in the system tray, perhaps without the users knowledge.
There was some tenuous discussion of how MAC addresses are used (to which I am not certain I completely agree, but I'm not an expert), and again on how the correlation of two address fields in a Kazaa packet shows that the computer was connected directly to the Internet and not through a router. Again, there was nothing to show that the computer connected to the Internet at the time actually belonged to the Verizon account holder, because no MAC address was recorded and in fact he didn't have access to anything except the hard drive (although personally I would expect Windows records this in the registry, which he did examine and didn't document). In any case, he did say that MAC addresses could be spoofed.
Most interesting for me was that as the examiner, he had been asked purely to find out if Kazaa and MP3 files were present, and he seemed to followed that direction, failing to look for any materials (e.g. malware, remote control apps, etc.) that could possibly have assisted the defense.
HTH
The lawyer was making those objections because that's how these things work, for better or worse. In these situations, lawyers attend depositions assigned specifically to object to anything remotely objectionable in order to preserve their objections in the future (because otherwise they are lost). If something really damaging happened in one of the answers to an objected question, those lawyers could then bring up the fact that they objected at the time and wouldn't be hosed by failure to preserve the issue. In many cases it's just wasting time, but in the event something goes ill in your deposition, you'll thank your lawyers for so protecting you.
This entire case hinges on screenshots, mystery analysis software "encase", a questionable expert, and an IP address obtained from an ISP. The evidence in this case doesn't even make it to the standard of "hearsay" not to mention the fact that the plaintiff lawyer appears to be highly inexperienced with Turets syndrome and keeps blurting "Objection to form."
I suspect that if one were to dig deeper into the so-called evidence, one would learn that information obtained from Verizon is prone to error, and that the procedures for generating the screenshots from KaZaa are based on assumptions which are prone to error and probably performed by monkeys. I want to read the deposition from the "dude/monkey" who took the screenshots, please post that one next.
If I were the lawyer for the defendant, I would already be filing my motion for dismissal "with prejudice" with the award of reasonable lawyer fees for having brought a case without any evidence.
Are there any standards for evidence? Is a printout obtained via supoena really a standard for evidence? If so, I can prove anything you like and as a bonus, I even have a professional certification.
There seems to be a common misconception, that I noted in the testimony, that you have to use one of the reserved IP address ranges on the LAN side of a NATed router. In fact, you can use any address at all (I do). The only downside to this practice is if you eventually have to move the NATed host(s) to the WAN side, they need to be re-addressed - and of course, that only applies to hosts with statically assigned IPs.
In other words, by looking at the IP address contained in the payload, there's no way to tell that it was behind a NAT router or not simply because the IP address was not in a reserved range.
Secondarily, since the computer interface IP address is in the packet payload, that is data that is being sent by an application. The application (whatever it was that was communicating with the P2P network) may:
- lie. It could be a hacked version of a P2P standard application,
- allow user configuration of the IP address in the payload (if I remember correctly, some seem to),
- be broken. I assume all versions of all applications that communicate on the indicated P2P network were not vetted for their proper functioning.
Can You Say Linux? I Knew That You Could.
I've seen Kazaa mess up our DSL connection quite a few times. Now, did we use Kazaa? Nope. (we prefered WinMX and irc, but thats beside the point :-D).
When a user gets on Kazaa, the Kazaa network perpetuates that External IP address through their network. Your external_IP is linked to your kazaa_username. Now, when people search and get your kazaa_username, they hit that IP address. All is fine and good... until you are knocked off of DSL or your dhcp timer is up.
Then, you reconnect using a new external_IP. Now, you have many users on Kazaa that know your username goes to either your old IP or your new IP.
The network trashing occurs to the person who inhabits your OLD external_IP. You see a LOT of bandwidth from users and Kazaa network towards your new IP address. We had a 768/384 Kb connection, and 200 Kb was ate up with garbage from Kazaa from the previous IP inhabitor. This number of garbage connections approaches 0Kb, but never meets it.
Perhaps they detected a residual connection like that.
I stopped stealing music when I found out you could just copy it!
Software patents delenda est.
Comment removed based on user account deletion
Perhaps you should go back to stealing. It'll cost you less (jail) time and money if you get caught shoplifting a physical CD than if you are accused of making an unauthorized copy of it.
Schrödinger's cat is not amused—maybe.
I'm not especially techy, but it seems that the general opinion here is much harsher on Jacobson than is really warranted. Obviously most of us here think he's on the wrong side of an important fight, but we need to actually address what he says, not dismiss him because we think he sucks.
The on-topic +5 posts here seem very biased to me. They are insulting towards Jacobsen but fail to identify anything like an actual error in anything he says. The general opinion as to why he's wrong seems to be (a) the RIAA could have faked their screenshots, (b) the application could have been custom-hacked to lie about its private IP address, (c) Jacobson doesn't know exactly how the sniffer technology works. Which is all true. But it's quite unlikely that the RIAA is faking up screenshots so they can accuse completely random people of illegal file sharing, or that the accused custom-hacked their Kazaa client, or that the sniffer tech is totally bogus.
If you're accused of illegal file sharing and you're innocent, I'd imagine plausible reasons why are:
(a) They identified the infringer's IP address correctly but are mistaken in thinking it was assigned to you during the relevant time window; or
(b) The infringement did take place on your IP address but you have an unsecured network (ideally a wireless router) and god knows who did it; or
(c) The infringement did take place on your computer but several people use that and who knows which of them did it.
Unless Verizon screwed up, (a) seems out. And despite what Ray seems hell-bent on establishing, so does (b), given the public IP/private IP match. That strongly suggests it was indeed a single computer with a direct connection to the internet. Now, I know it's not 100% proof. But it seems to be quite likely, and I'd think it certainly sounds plausible to a judge.
Now please correct me if and where I'm wrong! Can we actually find something Jacobson said that's plainly wrong, and not just possibly wrong under unlikely circumstances?
I should buy some cement.
This is flat-out wrong. Yes, you CAN find the OUI that might well give you enough information to find out who made the hardware. The problem is that you can change the whole damn MAC address. Conveniently, Wikipedia even has instructions on how to change your MAC on many OSes, although there's an illustrated guide on changing your MAC, elsewhere.
This guy may know a bit of programming, but this kind of stuff makes it pretty clear to me that he has no idea how people can and do manipulate information. It's pretty clear to me that he's done little more than investigate only those things which might support their case and has completely ignored anything which might cast doubt upon it.