Slashdot Mirror
Is RIAA's Linares Affidavit Technically Valid?
NewYorkCountryLawyer writes "In support of its ex parte, 'John Doe,' discovery applications against college students, the RIAA has been using a declaration by its 'Anti-Piracy' Vice President Carlos Linares (PDF) to show the judge that it has a good copyright infringement case against the 'John Does.' A Boston University student has challenged the validity of Mr. Linares's declaration, and the RIAA is fighting back. Would appreciate the Slashdot community's take on the validity of Mr. Linares's 'science.'"
I do not feel particularly qualified to validate Mr. Linares's claims. However, over the years I have 'forgotten' that the RIAA is just a trade organization, comprised of many different companies. It was interesting to read through the list of plantiffs and put a face on who the RIAA really is. Here they are if you did not RTFA:
- Arista Records, LLC
- Warner Bros. Records, Inc.
- Atlantic Recording Corporation
- Virgin Records America, Inc.
- UMG Recordings, Inc.
- BMG Music
- Capitol Records, Inc.
- Sony BMG Music Entertainment
- Motown Record Company, L.P.
- Maverick Recording Company
- Elektra Entertainment Group, Inc.
- Laface Records, LLC.
- Interscope Records
This may not be a good thing, as my hatred will now be dilutedRonald said nothing. He flung himself from the room, flung himself upon his horse, and rode madly off in all directions.
This sounds vaguely familiar...
The biggest mistake is that they're trying to imply that an IP address is tied to a specific person at a specific point in time.
It is not.
It may be tied to a specific computer. Or a specific router / firewall. Or even a specific UNSECURED wireless access point.
But it is NOT tied to a specific person.
Their second biggest mistake is claiming (without any evidence) that each file being "pirated" represents a lost sale. So the courts need to work REALLY REALLY FAST to stop the money being lost.
Their third biggest mistake is that the machine with the IP address, that is associated with the "piracy" is 100% under the conscious, knowing control of the person who is being charged. As opposed to your neighbor using your unprotected wireless access point to download files without your knowledge.
Anyone have any others?
According to the wikipedia, EMI is part of the BPI (Britains version of RIAA)
However so are some of the companies that are also part of the RIAA...
Is there heaven? Is there Hell? Is that a Tuna Melt I smell?-Primus
It wasn't Linares. It's Ray Beckerman, aka NewYorkCountryLawyer.
Sheesh, if you won't RTFA, at least click the submitter's name before you go all conspiracy.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
Note that, throughout his statements up to this point, Linares has repeatedly reasserted that MediaSentry doesn't use any techniques not enabled by the software and medium and not available to any other user of the system. It's obvious he wants to preserve for MediaSentry and, by extension the RIAA, that no "illegal" or unethical techniques were employed to gather data.
Right here, with this sentence, he contradicts himself. I think it's rather obvious that this sentence describes an activity that other P2P users cannot do, even if they chose to try. The very ambiguity of it, and his failure to clarify it, is noteworthy.
Dig deeper right there; "X" marks the spot, as Blackbeard might say.
They're there as Capitol Records.
-uso.
What you hear in the ear, preach from the rooftop Matthew 10.27b
IP addresses don't identify a person, only a junction point in the network (router).
To use their telephone analogy: If you dial a "1-800" there isn't a single telephone and single person answering it, there's a whole network of telephones and many operators to answer them. The Internet works exactly the same way, if anything this "routing" of connections is even more common than in the telephone network.
IP addresses are actually in short supply (there's only a few hundred million of them...) so most people don't even have the option of having single IP address = single computer.
Then there's WiFi.... most home broadband connections are supplied with a wireless router and these routers are unsecured by default. Anybody within a half mile radius can connect and use the internet connection. These people will have the same IP address as the legitimate owner of the router. This practice of using other people's connections is very common in highly populated areas (I personally know two people who do it...)
Even if password access is enabled, the standard "WEP" encryption can be broken in a matter of minutes using freely downloadable software (type "wep cracker" into google and you'll get you a whole list of them).
So...premise 12 is wrong. Without it the rest of the document is moot.
No sig today...
Old details from 2005: http://www.zoominfo.com/people/Linares_L._76047414 4.aspx
L. Carlos Linares Jr. is Regional Counsel, Anti-Piracy and Legal Affairs, for the Recording Industry Association of America, Inc. (RIAA). Prior to working for the RIAA, Mr. Linares worked as an associate in the litigation departments of Conroy, Simberg & Ganon, and Moore & Peterson in Orlando, Florida. He received his Bachelor of Arts Degree in liberal arts and music performance from Louisiana State University in 1993, and his Juris Doctor Degree from the University of Florida College of Law in 1997. Mr. Linares is a member of the State Bar of Florida and the State Bar of Texas. Additionally, he belongs to the Intellectual Property, and Entertainment and Sports Law Sections of the Texas Bar, and the EASL Section of the Florida Bar. Beyond his career as an entertainment attorney, Carlos continues to work as a touring musician, recording artist, and writer. He has played in horn sections on countless stages throughout the U.S., Canada, and Europe, and has recently performed with James Brown. He is currently a voting member of the National Academy of Recording Arts and Sciences (NARAS), and serves as a volunteer with Big Brothers / Big Sisters of Arlington / Mansfield.
As for clock accuracy, that's such a border case as to be almost irrelevant. My suspicion (based solely on my own experience with the DHCP logs and these types of requests) is that they watch for several minutes to see that the files remain attached to that IP address. I've never seen a request that was less than 10 minutes from the beginning or end of a DHCP lease, and they're almost always in the middle of a multi-day string of renewals by the same user.
You have a lot of really valid points, but you've muddied the waters with spots of pedantry.
You also left out (or I missed it in your write-up) IP address spoofing as a flaw. It's rare, but it happens. Probably more often on campus networks or corporate networks than on cable or DSL, where the modem itself limits spoofing quite a bit.
Late arrival, sorry. I agree with all of the comments about the existence of NAT demonstrating point 12 is not true but none closed the circle for me.
It is a fact that IP addresses do not have to be unique across the entire Internet in order for IP routing to function. Translating routers permit this to be the case and, therefore, the declaration is factually incorrect in its attempt to characterize IP routing in point 12. But I think that you need to say more in order to truly debunk point 12. NAT is a border technology but at some point IP addresses do have to be unique for much of what people use the Internet for and that is why I think you need to say more than just that NAT means IP addresses don't have to be and frequently aren't unique.
Consider a case where my node address is 192.168.1.1 (a RFC 1918 private IP address commonly used on a translated network). Assume I use a NAT router. Assume you also use a NAT router but we are not using the same NAT router. Let your IP address also be 192.168.1.1 then. This configuration will function to your and my satisfaction. But, in this scenario I cannot send IP packets to your computer, there is no IP route to it from my host. Yet, despite this undeniable fact, we can share files with each other using most P2P technologies. Therefore, uniqueness of IP addresses appears irrelevant to the functionality of P2P technologies making much of point 12, as written, irrelevant - in addition to just being wrong. Nevertheless, in order for MediaSentry to even have a list of IP addresses for the RIAA to ask the identity of then they must be observing P2P clients that ultimately have had packets reach the public, routable Internet. Therefore, you still need to say more about point 12 since it is end-user identity that is at issue.
Point 12 is attempting to assert that an IP address is a suitable proxy for end-user identity. Plainly my true identity in the IP arena is 192.168.1.1, as is yours. So, 192.168.1.1 is ambiguous as an identity. There has to be a disambiguation that happens somewhere since we are successfully sharing files even though we have the same ultimate identity. Therefore, even though the existence of NAT demonstrates that much of point 12 simply isn't true and irrelevant, that isn't really the point. Can the IP addresses that you do see on the outside (i.e. the one MediaSentry must see) uniquely identify someone. The IP addresses observed by MediaSentry are undeniably unique IP addresses.
Ironically, point 12 appears to address this by shooting itself in the foot with phone analogy: "in a particular home there may be three or four different telephones, but only one call can be placed at a time to or from that home". Absolutely true, but there may also be three or four people living in that home and knowledge that a call was placed from that number to another number, or vice-versa indicates nothing about which individual placed that call. Further, someone may be visiting and ask to use my phone. I may receive a call for a neighbour and go get them to take the call at my home. There may even be a burglar that makes a call while present in my home. IOW, the number itself is a point where multiplexing takes place and the target of the multiplexing is transparent/invisible to the network. NAT does the same thing for IP networks but can do an additional thing the phone can't. A NAT router can (metaphorically) take multiple calls at the same time (potentially more than sixty thousand) and each one has the same multiplexing potential as the phone example.
The point where multiplexing takes place, the phone number, does not identify a user (it identifies a subscriber). The phone company cannot sell service to a specific user, only to a specific subscriber (for the family, visitors and burglar reasons above). The IP address as seen by MediaSentry does not identify a user, it identifies a subscriber (for the same reasons as for the phone). Therefore, point 12 actually uses the phone analogy to conclusively demonstrate th