Slashdot Mirror
Is RIAA's Linares Affidavit Technically Valid?
NewYorkCountryLawyer writes "In support of its ex parte, 'John Doe,' discovery applications against college students, the RIAA has been using a declaration by its 'Anti-Piracy' Vice President Carlos Linares (PDF) to show the judge that it has a good copyright infringement case against the 'John Does.' A Boston University student has challenged the validity of Mr. Linares's declaration, and the RIAA is fighting back. Would appreciate the Slashdot community's take on the validity of Mr. Linares's 'science.'"
It's not a sworn statement, so it doesn't count as an affidavit. If Linares was really behind this document, it would be a sworn statement.
I do not feel particularly qualified to validate Mr. Linares's claims. However, over the years I have 'forgotten' that the RIAA is just a trade organization, comprised of many different companies. It was interesting to read through the list of plantiffs and put a face on who the RIAA really is. Here they are if you did not RTFA:
- Arista Records, LLC
- Warner Bros. Records, Inc.
- Atlantic Recording Corporation
- Virgin Records America, Inc.
- UMG Recordings, Inc.
- BMG Music
- Capitol Records, Inc.
- Sony BMG Music Entertainment
- Motown Record Company, L.P.
- Maverick Recording Company
- Elektra Entertainment Group, Inc.
- Laface Records, LLC.
- Interscope Records
This may not be a good thing, as my hatred will now be dilutedRonald said nothing. He flung himself from the room, flung himself upon his horse, and rode madly off in all directions.
The term "individual" isn't valid, but legally it may be close enough. IANAL. An IP address where files are available is identified, not an individual. That IP address may represent a single traditional computer system, a series of computers behind a router, or even an open wireless access point. The fact that you can trace activity to an IP address does not mean you can trace activity to an actual real person. You can figure out who pays for access to the internet using that IP address, but that doesn't necessarily mean that much. However, legally, it may, if the duty to ensure that an IP address is not used for illegal activities rests with the person who pays the subscription fee instead of the person who uses the address. This may be reasonable...those who pay for access are probably the least cost avoiders (actually, the ISPs may be the least cost avoiders, but we don't want them shutting down every service they can detect).
I think the RIAA is really bad. Do I get my mod points now?
This sounds vaguely familiar...
The biggest mistake is that they're trying to imply that an IP address is tied to a specific person at a specific point in time.
It is not.
It may be tied to a specific computer. Or a specific router / firewall. Or even a specific UNSECURED wireless access point.
But it is NOT tied to a specific person.
Their second biggest mistake is claiming (without any evidence) that each file being "pirated" represents a lost sale. So the courts need to work REALLY REALLY FAST to stop the money being lost.
Their third biggest mistake is that the machine with the IP address, that is associated with the "piracy" is 100% under the conscious, knowing control of the person who is being charged. As opposed to your neighbor using your unprotected wireless access point to download files without your knowledge.
Anyone have any others?
The person is NewYorkCountryLawyer. Therefore, I think he expects people who think the RIAA's tactics are horrible to give him technical arguements he may use.
Now, given the prevaling sttitude on slashdot about the compensation accorded all intellectual property, I don't think I'm alone in saying my technical expertise is for sale only. Please paypal $$ to my account for me to comment on this story.
Your ad here. Ask me how!
In point 12, an IP network is compared to the phone network, and it is stated that only one computer can use each [implied: visible] IP at a time. Given the prevalence of NAT, this is not only technically untrue but also quite reliably false.
In point 12, it is stated that an ISP or college can identify the user of an IP address. This is untrue as the "user" could be no more than a MAC address, which can change. And even if true, the context seems to imply that this remains true in hindsight, which is false unless logs are kept.
Point 15 states that human review is involved in the case of EACH infringer, which is blatantly untrue given the history of automated (and wrong) cease and desist letters.
The fact that you can trace activity to an IP address does not mean you can trace activity to an actual real person.
That is the blaring hole in the arguement in the PDF on Paragraph 12 where they compare IP addresses to telephone numbers. They claim that phones sharing one line are like a party line. Only one can make a call from one number at a time. They missed entirely using ports on a router so multiple users behind a router can make a call all at once from the same phone number. The number does not identify the individual any more than call from the political campaign center identifies the individual making the call. You may try to call them back and sue the individual for harrassment, but identifying the individual by the phone number is a problem.
His declaration under penalty of purgery under the laws of the United States that the foregoing are true and correct should have had peer review so they would indeed be true and correct. They are not and is easly proven so. The following is easly proven. Not all IP address have a direct connected single user computer just like not all phone numbers are to a single person renting an apartment. Enter routers and trunked/ISDN lines and his example falls apart. He should be careful what he signs as true and correct. It could cost him.
The truth shall set you free!
According to the wikipedia, EMI is part of the BPI (Britains version of RIAA)
However so are some of the companies that are also part of the RIAA...
Is there heaven? Is there Hell? Is that a Tuna Melt I smell?-Primus
IANAL or a law student, just a future CS phd (hopefully RSN).
1) First Linares acknowledges that a route can have an IP address, then he says "Two computers cannot effectivly function if they are connected to the Internet with the same IP address".
This is not true. i.e. routers and NAT. Multiple Computers can have the same effective IP address to the internet. While they can track it down to the NAT device, they cant go further.
2) They assume the network provider maintains a log of IP addresses. This is not a given. A Good guess perhaps, but not a fact.
3) While its good practice that they download files and humanly verify the contents, the list of files can't be verified to be all infringing content. Unless they actually downloaded said file themselves, its an assumption that the file is named/labeled correctly. He says this later when he says that it only "suggests" that there were many copyright files. (Not being a lawyer, don't know the implication).
4) They claim an ISP can identify the computer being used. This is inaccurate. They can identify the customer, but most customers are behind routers (aka NAT) so they have no ability to identify which computer.
5) They claim expedited discovery is "critical" to stopping piracy. I can't believe they believe that expiding discovery will have any dent on piracy.
6) They claim that infringment of non public works greatly harms it when released, I believe there's evidence to the contrary (i.e. widely distributed albums have debuted at number 1 or other times higher then anyone expected).
7) unsure why expidited discovery impacts if they can serve defendants. If it happens quickly or over a long period of time, what difference does it make?
8) They now claim ISPs destroy logs, but if discovery is going on, are they allowed to?
Seeing as we're not paying you, could you please not comment?
It is possible to spoof email, MAC, and IP addresses, but I don't know the likelihood of being able to spoof the IP while participating in file sharing with bit torrent or limewire.
It is also very possible to spoof caller id.
Are these good arguments?
I think there are enough holes in their statements to bring it into question, but this stuff is very technical and may be difficult to explain in court, although the MPAA is trying to do the same, albeit poorly.
Creationists are a lot like zombies. Slow, but powerful and numerous. And they all want to eat our brains.
Free advice from a non-lawyer. Not only that, but I only have time to scan the document quickly, however here are some points that I think might be relevant:
1. The word "piracy" is repeatedly used. I don't believe this is a standard legal term (outside of naval encounters). The word is not defined in the document. I think the intent is to equate the term "piracy" with "copyright infringement", but to spin it imply other things. One could probably attack this term successfully.
2. Point 8 is a logical fallacy. Whether or not record companies authorize P2P distribution of music is completely unrelated to the conclusion that P2P networks are used primarily for copyright infringement. One would first have to show that the vast majority of content falls under the record companies' copyrights.
3. "Distribution" has a specific legal definition in copyright law (or it does in my country, anyway). P2P copying may or may not fall under that definition. This is extremely important. They are trying to imply that P2P copying is a more serious offense than copying in other ways.
4. Points 9 an 10 bother me slightly, but I can't put my finger on why. They are implying that the P2P users are anonymous and thus can escape lawsuits from copyright holders. This is probably an important point in their case. I suspect they are trying to show that P2P users are intentionally hiding because they are doing something they know is wrong. This is why it is OK to remove that anonymity. It is important to stress that whatever the motives of the defendant, it is the plaintif's job to show that an infringement occurred *and* that the defendant was involved before an injunction is granted. The anonymity of the defendant is immaterial to that point.
5. Point 11 states that Media Sentry can identify files being offered. It can not. It can only identify the *names* of the files being offered. The name of a file does not constitute anything more than circumstantial evidence that the file contains what they think it contains.
6. As has been stated numerous times before Point 12 is just false. An IP address identifies a machine, not a user. Any number of users may access that machine. Other machines may route through that machine and masquerade as it. The owner of the machine may not even be aware that someone else is using it for this purpose.
7. Point 13 doesn't make any sense at all. They indicate no mechanism for Media Sentry to identify copyrighted works. Or even if one assumes that all the works available through the P2P network are copyrighted, there is no mechanism for determining who the owner of that copyright is. The document seems to imply that all users of the P2P network can do this and since Media Sentry uses the same mechanisms, it can do it too. But users can not generally do this. They would have to provide some explanation for the mechanism they are using.
8. Point 16 states that the IP address can identify where the infringement occurred. This is incorrect. It merely shows one step of the way. In order to identify where the infringement occurred, they would also have to show that the packets were not then transferred to a third party. This information is not actually stored anywhere on the computer, so it might be impossible in practice to say for sure where the infringement occurred.
9. Point 17: How is Verizon's concession in any way relevant to a judges decision? Does Verizon get to make precedent?
10. In point 18, they use the terms "distribute" and "make available". Again, these have very specific legal meanings. They have not described how the alleged actions of the defendants are equivalent to these legal terms. Even if they have documented copying, this is different than the above terms (at least in my country).
11. Again point 18, they have stated that the Defendant made illegal copies available. They have no way of determining this. They merely suspect that the Defendant's computer was used to *relay* copies (or pa
To answer this question:
Recently there was a bit of a buzz on campus after word got out that some of our grads just starting at the top law firms were breaking the previous earning caps, and making as much as 135K a year in their first year. After hiring bonus, one of our kids will clear 200K by next June.
Er.. that is to say.. it goes to the lawyers.
-GiH
It wasn't Linares. It's Ray Beckerman, aka NewYorkCountryLawyer.
Sheesh, if you won't RTFA, at least click the submitter's name before you go all conspiracy.
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
"How exactly does Bittorrent "Capitolize" on anything? Its free software. No Ads, No fees, ect. Is the RIAA objection to pirates DONATING to open scource projects?"
This is the quote to which you refer:
If you're confused, it may be because you're reading it too literally. When you see "BitTorrent" in the above, mentally replace it with "BitTorrent tracker sites" (ie: The Pirate Bay). Many of them are commercial endeavors making thousands upon thousands of dollars in profit each month (just because they provide a free service does not mean that they don't have a profit motive). Facilitating piracy is a big business, and business is good.
HTH.
Sitting in my day care, the art is decopainted.
1) Possession of child porn is a pretty serious crime, and like any crime, I'd expect the evidence to meet a high standard of proof. How would you feel if someone cracked your WEP key, used your wifi to download child porn, and got you sent to prison for years? Should this be an absolute defense? No. But I think we are in a pretty scary state if you can be sent to prison for years based off your IP showing up in logs somewhere. There are too many ways that can be wrong.
2) I don't get your point about the extortion letters coming from the RIAA's "IP" - they send them via snail mail. And they file court cases. And they collect the money. There is no possible way they could claim it wasn't them.
Note that, throughout his statements up to this point, Linares has repeatedly reasserted that MediaSentry doesn't use any techniques not enabled by the software and medium and not available to any other user of the system. It's obvious he wants to preserve for MediaSentry and, by extension the RIAA, that no "illegal" or unethical techniques were employed to gather data.
Right here, with this sentence, he contradicts himself. I think it's rather obvious that this sentence describes an activity that other P2P users cannot do, even if they chose to try. The very ambiguity of it, and his failure to clarify it, is noteworthy.
Dig deeper right there; "X" marks the spot, as Blackbeard might say.
'This person' just happens to be one of those lawyers who's constantly trying to put the RIAA in its place and takes the time to keep us informed. He also takes the time to explain the relevant processes of law to us nerds.
Don't you think it's a hilariously good idea to come to us when he doesn't understand 100% how P2P networks work? Aren't we exactly the ones who know best why RIAA's claims are stupid? So let's think this through: A lawyer who happens to understand law (gee, what a coincidence...) asks techies whether the technical interpretation of the 'bad guy' holds true or not.
I don't see your problem. Would you rather he pull a Matlock on the judge and try to get the jury to shed a tear for the poor victim? That guy is doing a hell of a job.
They're there as Capitol Records.
-uso.
What you hear in the ear, preach from the rooftop Matthew 10.27b
They download files suspected of violating their clients rights, but they have no idea whether the file really is what it claims to be, nor whether the copyright owner actually has licensed the work to be shared by P2P networks but only to be used for personal enjoyment, not for law enforcement purposes and similar. Remember, the copyright owner can make such limitations, which actually are tame compared to some of the limitations RIAA routinely puts on their 'property'.
In my opinion just one file illegally downloaded by RIAA invalidates their entire legal process. In civilian law there are no loopholes that allow for breaking some laws in order to enforce others - and that's a very good thing.
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
#6 claims that "similar online media distribution systems emerged and attempted to capitalize on the growing illegal market Napster fostered," followed by examples. This statement is provably incorrect in two ways. The first is that most, probably all, of these networks are not designed for media sharing, they are designed for file sharing. I only personally have knowledge of Bittorrent, eDonkey and DirectConnect but in all those cases the software is designed to share any and all files a user wishes, with no special exclusivity for media. Some, like the eDonkey variant eMule can restrict searches to various types of files (such as just video or music) but it does so only via the extension of the file. Others, like Bittorrent, have no such capability at all since search isn't an included part of the protocol. Bittorrent is just a distributed HTTP mechanism, searching is added through other means.
The second is that they are designed and/or primarily utilized for illegal purposes. Bittorrent, being highly popular, is the best example. It was designed simply to allow peer-to-peer downloading of files from websites to take the load off of a single server. It is currently extremely widely used for legitimate purposes. One of the largest would be the patch mechanism for Blizzard Entertainment's (a subsidiary of Vivendi Games) MMORPG World of Warcraft. The official patch mechanism form Blizzard uses Bittorrent so as to lessen the load on Blizzard's own servers. Another high profile use would be Linux distribution, nearly every Linux distro's preferred method of distribution is Bittorrent.
#9 claims that the RIAA members lose massive amounts of revenue to P2P copying. However there is no proof of this offered, and indeed I am aware of no proof out there. The only empirically valid, peer reviewed study I am aware of at this point is a 2005 study conducted by UNC Chapel Hill and Harvard (found here) which found: "Using detailed records of transfers of digital music files, we find that file sharing has no statistically significant effect on purchases of the average album in our sample. In specifications that identify the effect of file sharing on sales relatively precisely, we reject the hypothesis that file sharing is responsible for the majority of lost sales." To the extent the RIAA has offered any figures at all it is based off of the assumption that every copy made is money lost, at full retail value. This is of course false because it fails to take in to account several factors:
1) The music producers do not receive the full retail price for each album.
2) Some people who made a copy of the music, never would have purchased it had it not been available for free. They simply were unwilling or unable to spend the money, and as such nothing has been lost.
3) Some people may have bought some of the music they had downloaded, had they been unable to get it for free, but not all of it. For example a university student with a disposable income of less than $100 per month would clearly not purchase 100 albums costing in excess of $10 each, even if they downloaded that many. Thus while some sales may have been lost, not all of them have.
4) Some people may have bought more as a result of their downloading. They download songs as a sort of "virtual window shopping" and when they find ones they like, they purchase the CD. Thus sales are actually gained.
The RIAA's model for calculation could be mathematically stated as L = D * R where L is the amount of loss in dollars, D is the number of downloads presumed to have taken place and R is the average retail price. This is clearly overly simplistic and thus incorrect. A real formula would look more like L = D * P1 * W - D * P2 * W where L is the amount of loss in dollars, D is the number of downloads presumed to have taken place, P1 is the percentage of the time people did NOT bu
IP addresses don't identify a person, only a junction point in the network (router).
To use their telephone analogy: If you dial a "1-800" there isn't a single telephone and single person answering it, there's a whole network of telephones and many operators to answer them. The Internet works exactly the same way, if anything this "routing" of connections is even more common than in the telephone network.
IP addresses are actually in short supply (there's only a few hundred million of them...) so most people don't even have the option of having single IP address = single computer.
Then there's WiFi.... most home broadband connections are supplied with a wireless router and these routers are unsecured by default. Anybody within a half mile radius can connect and use the internet connection. These people will have the same IP address as the legitimate owner of the router. This practice of using other people's connections is very common in highly populated areas (I personally know two people who do it...)
Even if password access is enabled, the standard "WEP" encryption can be broken in a matter of minutes using freely downloadable software (type "wep cracker" into google and you'll get you a whole list of them).
So...premise 12 is wrong. Without it the rest of the document is moot.
No sig today...
One could always explain it in court using the defensive strategy that never fails:
"Ladies and gentlemen, this is Chewbacca. Chewbacca is a Wookiee from the planet Kashyyyk. But Chewbacca lives on the planet Endor. Now think about it; that does not make sense! Why would a Wookiee, an eight-foot tall Wookiee, want to live on Endor, with a bunch of two-foot tall Ewoks? That does not make sense! But more important, you have to ask yourself: What does this have to do with this case? Nothing. Ladies and gentlemen, it has nothing to do with this case! It does not make sense! None of this makes sense! And so you have to remember, when you're in that jury room deliberatin' and conjugatin' the Emancipation Proclamation, does it make sense? No! Ladies and gentlemen of this supposed jury, it does not make sense! If Chewbacca lives on Endor, you must acquit! The defense rests."
"It is the business of the future to be dangerous" -Alfred North Whitehead
In my opinion as a network and network security professional, the affidavit takes some liberties with the truth of IP networking. Most blatantly it ignores the technologies of NAT and PAT, and assumes that the IP address presented to the Internet belongs to a single computer, and that this computer is owned and operated by the person who the IP address was assigned to. To me, this is the crux of the whole argument: You simply can NOT determine the identity of a USER by the IP address shown to the Internet. You can only identify the owner/subscriber of the connection to the Internet. You MUST do further evidence gathering to complete the discovery process and identify a person.
Here are my thoughts paragraph by paragraph. I hope they're helpful. If not, I hope they're at least not dry. FULL DISCLOSURE: I've never actually used any P2P network software, but then again when I was in college "gopher" was a cool utility.
6. "At any given moment, millions of people illegally use online media distribution systems to upload or download copyrighted material." By who's count? Where did this number come from? How many millions of people are on the Internet? Is he saying that such a huge percentage of the users of the Internet are "at any given time" ALL illegally sharing files?
8. "Thus, the vast majority of the content that is copied and distributed on P2P networks is unauthorized by the copyright owner" This statement is far too broad. Again, what evidence does he have? Is he further stating that the vast majority of the files on P2P networks are music files? Again, by what evidence?
12. "Users of P2P networks...can be identified by using Internet Protocol ("IP") addresses because the unique IP address of the computer offering the files for distribution can be captured..." This is factually incorrect. While the IP address being presented to the Internet can be determined, this IP address may represent any number of distinct computers due to technologies such as Network Address Translation (NAT) and Port Address Translation (PAT). If the "unique IP address" of the actual computer can still be identified by the P2P client (which I can not speak to having never actually used P2P software) that addresses is not necessarily permanent either. The technology of Dynamic Host Control Protocol (DHCP) allows for the temporary assignment of IP addresses to computers. This means that the IP address of the computer in question may have changed between the time of the alleged distribution of copyrighted materials and the time of the investigation of that. Further still, and IP address is assigned to a computer, not to a person. This argument does not, in any way, indicate any correlation between IP address and person. It is more akin to identifying a driver based on a photograph of the license plate of the car. Yes, you may know who owns the car, but you don't know who was driving. For that matter, you don't know if somebody lifted the license plate and put it on a different car.
12. "Two computes cannot effectively function if they are connected to the Internet with the same IP address at the same time." This does not account for methods of hijacking an IP address, nor does it account for the NAT or PAT technologies discussed earlier.
12. "This is analogous to the telephone system where each location has a unique number." In so far as you can identify the "owner" of the telephone number, but you still haven't identified who placed the call.
16. "Once provided with the IP address, plus the date and time of the infringing activity...can identify the computer from which the infringement occurred (and the name and address of the subscriber that controls that computer)." There is an assumption here that there is no NAT or PAT occurring on the network. More correctly, what can be identified is the subscriber to whom the IP has been assigned. That IP may represent a single computer or a network of computers. That network may include publicly accessible connections, and unless the RIAA has done the due-diligence to determine that the subscriber who had the IP address at that time has a secure and locked-down network, they still have not even identified an actual computer yet.
----- Connection reset by beer
If there are several WiFi access points available, Windows will pick one almost at random unless you tell it otherwise (which not everybody knows how to do...)
This leads to people install WiFi in their house via "home installation kits" but they're really using their neighbor's WiFi without knowing it.
This isn't a contrived example, it really happens. I've personally seen people using P2P software on their neighbor's WiFi connection even though they have their own access point. They're not doing this maliciously, they're doing it out of pure ignorance because they don't know what router they're connected to (and don't really care).
Even if you look at the list of available networks, chances are that all you see is a bunch of things labeled "Motorola", "Linksys", "Comtrend", etc. - nothing which really indicates which is your router.
If both you and your neighbour have Motorola modems then which do you pick? You have 50:50 chance of using your own connection as there's no way to tell them apart without reconfiguring your own modem to something other than "Motorola" (change the "SSID").
Changing the SSID isn't trivial for the average user so many won't bother - they're connected, they're happy.
Just to emphasise: I'm not talking about extreme cases here, this is quite common in my experience.
No sig today...
I was under the impression that the point of modding a post is to show that you appreciated the content of the post and to make it more visible to others who may not read every post in the discussion (or TFA), thus contributing to the community. Does it really matter if you can increase someone's karma?
No one has yet addressed the question of how RIAA can tell whether files on my computer are licensed or unlicensed by listening. Lineres' said *** The RIAA also listens to the downloaded music files from these users in order to confirm that they are, indeed, illegal copies of sound recordings whose copyrights are owned RIAA members.*** (para. 15) and ***The RIAA downloaded and listened to a representative sample of the music files being offered for download by each Defendant and was able to confirm that the files each Defendant was offering for distribution were illegal copies of sound recordings whose copyrights are owned by RIAA members. *** (para. 18) Is there anyone with technical credentials who can say that Lineres was lying since it is impossible to distinguish between licensed sound files and unlicensed ("illegal") copies by listening?
Late arrival, sorry. I agree with all of the comments about the existence of NAT demonstrating point 12 is not true but none closed the circle for me.
It is a fact that IP addresses do not have to be unique across the entire Internet in order for IP routing to function. Translating routers permit this to be the case and, therefore, the declaration is factually incorrect in its attempt to characterize IP routing in point 12. But I think that you need to say more in order to truly debunk point 12. NAT is a border technology but at some point IP addresses do have to be unique for much of what people use the Internet for and that is why I think you need to say more than just that NAT means IP addresses don't have to be and frequently aren't unique.
Consider a case where my node address is 192.168.1.1 (a RFC 1918 private IP address commonly used on a translated network). Assume I use a NAT router. Assume you also use a NAT router but we are not using the same NAT router. Let your IP address also be 192.168.1.1 then. This configuration will function to your and my satisfaction. But, in this scenario I cannot send IP packets to your computer, there is no IP route to it from my host. Yet, despite this undeniable fact, we can share files with each other using most P2P technologies. Therefore, uniqueness of IP addresses appears irrelevant to the functionality of P2P technologies making much of point 12, as written, irrelevant - in addition to just being wrong. Nevertheless, in order for MediaSentry to even have a list of IP addresses for the RIAA to ask the identity of then they must be observing P2P clients that ultimately have had packets reach the public, routable Internet. Therefore, you still need to say more about point 12 since it is end-user identity that is at issue.
Point 12 is attempting to assert that an IP address is a suitable proxy for end-user identity. Plainly my true identity in the IP arena is 192.168.1.1, as is yours. So, 192.168.1.1 is ambiguous as an identity. There has to be a disambiguation that happens somewhere since we are successfully sharing files even though we have the same ultimate identity. Therefore, even though the existence of NAT demonstrates that much of point 12 simply isn't true and irrelevant, that isn't really the point. Can the IP addresses that you do see on the outside (i.e. the one MediaSentry must see) uniquely identify someone. The IP addresses observed by MediaSentry are undeniably unique IP addresses.
Ironically, point 12 appears to address this by shooting itself in the foot with phone analogy: "in a particular home there may be three or four different telephones, but only one call can be placed at a time to or from that home". Absolutely true, but there may also be three or four people living in that home and knowledge that a call was placed from that number to another number, or vice-versa indicates nothing about which individual placed that call. Further, someone may be visiting and ask to use my phone. I may receive a call for a neighbour and go get them to take the call at my home. There may even be a burglar that makes a call while present in my home. IOW, the number itself is a point where multiplexing takes place and the target of the multiplexing is transparent/invisible to the network. NAT does the same thing for IP networks but can do an additional thing the phone can't. A NAT router can (metaphorically) take multiple calls at the same time (potentially more than sixty thousand) and each one has the same multiplexing potential as the phone example.
The point where multiplexing takes place, the phone number, does not identify a user (it identifies a subscriber). The phone company cannot sell service to a specific user, only to a specific subscriber (for the family, visitors and burglar reasons above). The IP address as seen by MediaSentry does not identify a user, it identifies a subscriber (for the same reasons as for the phone). Therefore, point 12 actually uses the phone analogy to conclusively demonstrate th