Slashdot Mirror
Is RIAA's Linares Affidavit Technically Valid?
NewYorkCountryLawyer writes "In support of its ex parte, 'John Doe,' discovery applications against college students, the RIAA has been using a declaration by its 'Anti-Piracy' Vice President Carlos Linares (PDF) to show the judge that it has a good copyright infringement case against the 'John Does.' A Boston University student has challenged the validity of Mr. Linares's declaration, and the RIAA is fighting back. Would appreciate the Slashdot community's take on the validity of Mr. Linares's 'science.'"
It's not a sworn statement, so it doesn't count as an affidavit. If Linares was really behind this document, it would be a sworn statement.
The term "individual" isn't valid, but legally it may be close enough. IANAL. An IP address where files are available is identified, not an individual. That IP address may represent a single traditional computer system, a series of computers behind a router, or even an open wireless access point. The fact that you can trace activity to an IP address does not mean you can trace activity to an actual real person. You can figure out who pays for access to the internet using that IP address, but that doesn't necessarily mean that much. However, legally, it may, if the duty to ensure that an IP address is not used for illegal activities rests with the person who pays the subscription fee instead of the person who uses the address. This may be reasonable...those who pay for access are probably the least cost avoiders (actually, the ISPs may be the least cost avoiders, but we don't want them shutting down every service they can detect).
In point 12, an IP network is compared to the phone network, and it is stated that only one computer can use each [implied: visible] IP at a time. Given the prevalence of NAT, this is not only technically untrue but also quite reliably false.
In point 12, it is stated that an ISP or college can identify the user of an IP address. This is untrue as the "user" could be no more than a MAC address, which can change. And even if true, the context seems to imply that this remains true in hindsight, which is false unless logs are kept.
Point 15 states that human review is involved in the case of EACH infringer, which is blatantly untrue given the history of automated (and wrong) cease and desist letters.
As opposed to your neighbor using your unprotected wireless access point to download files without your knowledge.
Why does it have to be unsecured wireless? We all know how insecure WEP is and isn't it plausible that someone hacked your WEP? The key thing I'm trying to say is that you have to prove guilt. How can they prove it was my computer it could have been a hacked WEP and the only way they'd have access to my router is for them to hack ME.
Well you do have points, but slowdown. There's no need to make such a big commotion about being on the anti-RIAA bandwagon. For example copyright infringement is infringement regardless of whether it represents a lost sale, and the thing about acting quickly was argued because ISPs delete their logs periodically. Now, the comment about IP addresses is indeed a big issue. What needs to happen is either a change in law or a legal precedent establishing that whoever 'owns' the IP address must either take legal responsibility or be responsible for making sure those who use the address can be identified. Think about the protection an ISP has as a common carrier. They shoulder no responsibility for crimes their users commit, but in exchange they have to reveal IP addresses. The same logic says that we should somehow legal codify that either owners of an IP address must take responsibility or balance their immunity with adequate identification of their users.
The fact that you can trace activity to an IP address does not mean you can trace activity to an actual real person.
That is the blaring hole in the arguement in the PDF on Paragraph 12 where they compare IP addresses to telephone numbers. They claim that phones sharing one line are like a party line. Only one can make a call from one number at a time. They missed entirely using ports on a router so multiple users behind a router can make a call all at once from the same phone number. The number does not identify the individual any more than call from the political campaign center identifies the individual making the call. You may try to call them back and sue the individual for harrassment, but identifying the individual by the phone number is a problem.
His declaration under penalty of purgery under the laws of the United States that the foregoing are true and correct should have had peer review so they would indeed be true and correct. They are not and is easly proven so. The following is easly proven. Not all IP address have a direct connected single user computer just like not all phone numbers are to a single person renting an apartment. Enter routers and trunked/ISDN lines and his example falls apart. He should be careful what he signs as true and correct. It could cost him.
The truth shall set you free!
IANAL or a law student, just a future CS phd (hopefully RSN).
1) First Linares acknowledges that a route can have an IP address, then he says "Two computers cannot effectivly function if they are connected to the Internet with the same IP address".
This is not true. i.e. routers and NAT. Multiple Computers can have the same effective IP address to the internet. While they can track it down to the NAT device, they cant go further.
2) They assume the network provider maintains a log of IP addresses. This is not a given. A Good guess perhaps, but not a fact.
3) While its good practice that they download files and humanly verify the contents, the list of files can't be verified to be all infringing content. Unless they actually downloaded said file themselves, its an assumption that the file is named/labeled correctly. He says this later when he says that it only "suggests" that there were many copyright files. (Not being a lawyer, don't know the implication).
4) They claim an ISP can identify the computer being used. This is inaccurate. They can identify the customer, but most customers are behind routers (aka NAT) so they have no ability to identify which computer.
5) They claim expedited discovery is "critical" to stopping piracy. I can't believe they believe that expiding discovery will have any dent on piracy.
6) They claim that infringment of non public works greatly harms it when released, I believe there's evidence to the contrary (i.e. widely distributed albums have debuted at number 1 or other times higher then anyone expected).
7) unsure why expidited discovery impacts if they can serve defendants. If it happens quickly or over a long period of time, what difference does it make?
8) They now claim ISPs destroy logs, but if discovery is going on, are they allowed to?
Yes but you, as a client of some ISP, are responsible of what goes through your internet line. I'm not sure how far that responsibility goes, that's some judge to find out I think. It would be silly if I was doing something illegal using my internet line and then getting away with it just by blaming "maybe someone hacked my wlan."
You don't know what you don't know.
It may be tied to a specific computer. Or a specific router / firewall. Or even a specific UNSECURED wireless access point.
Agreed.
Furthermore Mr. Linares knows, or should have known this is true. It would have been completely negligent for him not to do so. Wireless routers for home users which allow a single IP address to service 20+ individual computers and ship unsecured by default can be purchased at any electronics dealer, including Walmart, for less than $70.
Furthermore Mr. Linares knows, or should have known, that IP redirector (or "bounce") programs have been a staple of internet anonymity for at least two decades. These packet bouncers were commonly used to anonymise IRC connections and were often illegally installed on other computers without the computer operators knowledge. Therefore these computers which have been identified could have been hijacked using an internet tool that is at least 20 years old. Mr. Linares could not reasonably be ignorant of them.
Mr. Linares must have known that his statements regarding the reliability of IP addresses were false and self-serving, and he intentionally misrepresented this to the court under penalty of perjury.
I'm just sayin' that I think there should be a law against intentional misrepresentation to the court, and maybe some penalties as well.
Education is a better safeguard of liberty than a standing army.
Edward Everett (1794 - 1865)
They don't have to prove guilt. It's not criminal court."
Free advice from a non-lawyer. Not only that, but I only have time to scan the document quickly, however here are some points that I think might be relevant:
1. The word "piracy" is repeatedly used. I don't believe this is a standard legal term (outside of naval encounters). The word is not defined in the document. I think the intent is to equate the term "piracy" with "copyright infringement", but to spin it imply other things. One could probably attack this term successfully.
2. Point 8 is a logical fallacy. Whether or not record companies authorize P2P distribution of music is completely unrelated to the conclusion that P2P networks are used primarily for copyright infringement. One would first have to show that the vast majority of content falls under the record companies' copyrights.
3. "Distribution" has a specific legal definition in copyright law (or it does in my country, anyway). P2P copying may or may not fall under that definition. This is extremely important. They are trying to imply that P2P copying is a more serious offense than copying in other ways.
4. Points 9 an 10 bother me slightly, but I can't put my finger on why. They are implying that the P2P users are anonymous and thus can escape lawsuits from copyright holders. This is probably an important point in their case. I suspect they are trying to show that P2P users are intentionally hiding because they are doing something they know is wrong. This is why it is OK to remove that anonymity. It is important to stress that whatever the motives of the defendant, it is the plaintif's job to show that an infringement occurred *and* that the defendant was involved before an injunction is granted. The anonymity of the defendant is immaterial to that point.
5. Point 11 states that Media Sentry can identify files being offered. It can not. It can only identify the *names* of the files being offered. The name of a file does not constitute anything more than circumstantial evidence that the file contains what they think it contains.
6. As has been stated numerous times before Point 12 is just false. An IP address identifies a machine, not a user. Any number of users may access that machine. Other machines may route through that machine and masquerade as it. The owner of the machine may not even be aware that someone else is using it for this purpose.
7. Point 13 doesn't make any sense at all. They indicate no mechanism for Media Sentry to identify copyrighted works. Or even if one assumes that all the works available through the P2P network are copyrighted, there is no mechanism for determining who the owner of that copyright is. The document seems to imply that all users of the P2P network can do this and since Media Sentry uses the same mechanisms, it can do it too. But users can not generally do this. They would have to provide some explanation for the mechanism they are using.
8. Point 16 states that the IP address can identify where the infringement occurred. This is incorrect. It merely shows one step of the way. In order to identify where the infringement occurred, they would also have to show that the packets were not then transferred to a third party. This information is not actually stored anywhere on the computer, so it might be impossible in practice to say for sure where the infringement occurred.
9. Point 17: How is Verizon's concession in any way relevant to a judges decision? Does Verizon get to make precedent?
10. In point 18, they use the terms "distribute" and "make available". Again, these have very specific legal meanings. They have not described how the alleged actions of the defendants are equivalent to these legal terms. Even if they have documented copying, this is different than the above terms (at least in my country).
11. Again point 18, they have stated that the Defendant made illegal copies available. They have no way of determining this. They merely suspect that the Defendant's computer was used to *relay* copies (or pa
To answer this question:
Recently there was a bit of a buzz on campus after word got out that some of our grads just starting at the top law firms were breaking the previous earning caps, and making as much as 135K a year in their first year. After hiring bonus, one of our kids will clear 200K by next June.
Er.. that is to say.. it goes to the lawyers.
-GiH
What you suggest is unreasonable and probably illegal. WEP is broken to a few minutes, and you can't demand users trash WEP only equipment.
I'm all for authenticated wireless but it is nearly impossible to implement on a scale like this unless we use verisign certificates and a public auth server that is free. Most APs can't do it anyway at the moment, and neither can many consumer devices, most can't even do WPA. Linksys has a for-pay auth setup they provide but this is nowhere near being universally compatible.
I would argue it is not the consumers problem anyway and most consumers barely understand how Wi-Fi works, much less an integrated 802.1x wireless authentication system using public servers. Not only will it fail to accomplish its goals, going after individual users does not help the situation in any way.
"How exactly does Bittorrent "Capitolize" on anything? Its free software. No Ads, No fees, ect. Is the RIAA objection to pirates DONATING to open scource projects?"
This is the quote to which you refer:
If you're confused, it may be because you're reading it too literally. When you see "BitTorrent" in the above, mentally replace it with "BitTorrent tracker sites" (ie: The Pirate Bay). Many of them are commercial endeavors making thousands upon thousands of dollars in profit each month (just because they provide a free service does not mean that they don't have a profit motive). Facilitating piracy is a big business, and business is good.
HTH.
Sitting in my day care, the art is decopainted.
1) Possession of child porn is a pretty serious crime, and like any crime, I'd expect the evidence to meet a high standard of proof. How would you feel if someone cracked your WEP key, used your wifi to download child porn, and got you sent to prison for years? Should this be an absolute defense? No. But I think we are in a pretty scary state if you can be sent to prison for years based off your IP showing up in logs somewhere. There are too many ways that can be wrong.
2) I don't get your point about the extortion letters coming from the RIAA's "IP" - they send them via snail mail. And they file court cases. And they collect the money. There is no possible way they could claim it wasn't them.
'This person' just happens to be one of those lawyers who's constantly trying to put the RIAA in its place and takes the time to keep us informed. He also takes the time to explain the relevant processes of law to us nerds.
Don't you think it's a hilariously good idea to come to us when he doesn't understand 100% how P2P networks work? Aren't we exactly the ones who know best why RIAA's claims are stupid? So let's think this through: A lawyer who happens to understand law (gee, what a coincidence...) asks techies whether the technical interpretation of the 'bad guy' holds true or not.
I don't see your problem. Would you rather he pull a Matlock on the judge and try to get the jury to shed a tear for the poor victim? That guy is doing a hell of a job.
Under the influence of Post-Cyberpunk Gonzo Journalism
>Yes but you, as a client of some ISP, are responsible
>of what goes through your internet line.
Why would you be responsible (for the legal point of view) for what someone else do just because you are a client of some ISP? YOu could be responsible towards the ISP, sure, but not towards anyone else.
This is also irrelevant. For a subpoena its sufficient that it be assigned to a particular individual. There will be time later to argue whether or not the assigned user was in control of the equipment using that IP address, though this is certainly a worthwhile avenue to explore for the defense.
This is true.
Unfortunately the Modus Operandi of the RIAA is to send the assigned user a settlement statement to the effect of "pay us $3,000 or we'll sue you." This is what has the community screaming. They are perfectly happy to bully the innocent. Many people, even if they were the victim of mistaken identification, will pay up rather than risk an expensive legal battle. Having done so, the RIAA now has another notch in its belt when it goes to congress to ask for even more draconian legislation.
Education is a better safeguard of liberty than a standing army.
Edward Everett (1794 - 1865)
"Consumers don't understand how it works" is a perfectly valid defence if you're trying to sue me for what a joyrider got up to in my car after stealing it, and my excuse is that I thought a basic lock would be enough.
"I Know You Are But What Am I?"
If there are several WiFi access points available, Windows will pick one almost at random unless you tell it otherwise (which not everybody knows how to do...)
This leads to people install WiFi in their house via "home installation kits" but they're really using their neighbor's WiFi without knowing it.
This isn't a contrived example, it really happens. I've personally seen people using P2P software on their neighbor's WiFi connection even though they have their own access point. They're not doing this maliciously, they're doing it out of pure ignorance because they don't know what router they're connected to (and don't really care).
Even if you look at the list of available networks, chances are that all you see is a bunch of things labeled "Motorola", "Linksys", "Comtrend", etc. - nothing which really indicates which is your router.
If both you and your neighbour have Motorola modems then which do you pick? You have 50:50 chance of using your own connection as there's no way to tell them apart without reconfiguring your own modem to something other than "Motorola" (change the "SSID").
Changing the SSID isn't trivial for the average user so many won't bother - they're connected, they're happy.
Just to emphasise: I'm not talking about extreme cases here, this is quite common in my experience.
No sig today...
How is it that this 'trade' organization isn't illegal? I can understand an industry organization that sets technical standards, but the RIAA goes much further than that and sets prices, colludes on market objectives, and prosecutes customers.