Slashdot Mirror
Oklahoma Security Expert Attacks RIAA Claims
NewYorkCountryLawyer writes "A group of Oklahoma University students has made a motion to vacate the ex parte order the RIAA had obtained compelling the university to turn over their names and addresses. In support of their motion was the expert witness declaration (PDF) of a computer security and forensics expert who essentially attacked the entire premise of the RIAA's lawsuit, characterizing the declaration upon which the RIAA based its motion as 'factually erroneous' and 'misleading.' Among other things he pointed out that 'An individual cannot be uniquely identified by an IP address,' and that 'Many computers can be connected to the Internet with identical IP addresses as long as they remain behind control points.' The students are represented by the same Oklahoma lawyer who recently obtained a award for $68,000-plus in attorneys fees against the RIAA in Capitol v. Foster."
"Oh SHIT ... not this guy again."
The higher the technology, the sharper that two-edged sword.
No matter who comes out on top only the lawyers win. :/
~
"Many computers can be connected to the Internet with identical IP addresses as long as they remain behind control points" Did the MAFIAA really think someone would overlook this point? Anyone with a class in Internet 101 knows that routers assign one IP address to represent whatever computers are attached to it. I'm glad their having their asanine package of BS handed right back to them.
Sure baby, I'll give you my phone number...in Hex
I'm wondering why it's taken other lawyers so long to realize the RIAA is ripe for fleecing with their undefendable suits. Surely the lawyer vs. lawyer guys would have figured out by now that the RIAA, with so much $$$, is ripe for plucking...
:)
I'm actually ashamed of this, BTW
Moderation in everything, including moderation.
Nitpick:
TFA says the 11 students are at Oklahoma State University (OSU), not that Other University to the south (OU).
[ Yes, I am an alumni of OSU. ]
...how big is the school in question? I've been wondering recently whether the RIAA has ever gone after schools with big legal programs. Have they been avoiding a fight with students who might have a large number of friends training to be lawyers? I have visions of some professor who gets sufficiently aggravated that he assigns his entire class to bury the RIAA in legal briefs.
"Many computers can be connected to the Internet with identical IP addresses as long as they remain behind control points."
Yes, we all know this is true from a technical perspective. However, the RIAA is not as dumb as to ignore it. From the depositions in the Lindor case (posted earlier by NewYorkCountryLawyer) they are also relying on the fact that Kazaa (and workalikes) apparently include the local IP in the protocol. So if I'm behind my router, and my IP is 192.168.1.1, but my router's IP is 123.45.6.78, then the RIAA will see BOTH addresses and know whether there's some NATting going on with a pretty high degree of certainty. However, if Kazaa reports the local IP as 123.45.6.78 as well, then it's highly unlikely any more than a single computer is behind that IP.
Reading the report, the "expert" here appears to be completely ignorant of this fact.
Also, some of this is really atrocious. Early in the report it cites an example of someone downloading child pornography sitting in a car by "hacking" a wi-fi network. Only at the end of the report does it admit that the network was unsecured. If you connect to 'linksys' are you "hacking" that network? Would you use that term No. No "hacking" (in any reasonable sense) is going on.
Is the "expert" a native English speaker? "Botnet, Trojan, and Back Door are example of malicious codes..." Aside from the grammatical atrocities, I have never heard of my fellow software engineers referring to software programs as "codes." A back-door is not a "code" or a program, nor are botnets. Bots are, Trojan (Horses) are, and they can open back doors. Precision, please?
Do look at the expert's biography page on the site shilling his book. Plenty of asserted qualifications and certifications, although I don't see any formal degrees listed anywhere. It also asserts that "One final note Jayson was chosen as one of Time's persons of the year for 2006." (hint: so were you). The grammar in the bio is even worse than in the expert brief. Do a search for his name and you'll find precious little at all.
I'm not saying that the RIAA is doing due diligence; the Lindor briefs leave a lot in question (although less than most slashdotters would like). However, fighting back with equally specious and unresearched information doesn't seem to be a much better strategy.
[ Yes, I am an alumni of OSU. ]
Are you an alumnUS? Or are you siamese twins?
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
I hope this is a troll.....
Red light cameras increase the accident rate as often as they decrease it. Also, the real dangerous drivers that actually run the middle of the red light and T-bone innocent drivers, aren't paying attention. Before red light cameras they weren't paying attention in a situation where their life was at stake, now they aren't paying attention in a situation where their life plus a $100 ticket is at stake. It isn't a deterrent to the real problem.
The people who actually get tickets are the ones that don't even see the red light. If it changes while you are in the intersection, you are running it. When traffic is heavy, sometimes you get caught in it. The alternative is to wait back at the line for a huge clearing and go if the light hasn't turned yellow yet. I know of many intersections where there is no left turn signal and at rush hour, the only time to turn left is at the yellow when oncoming traffic stops. If people were to obey the letter of the law, it would take an hour to turn left.
There are also plenty of cases where the yellow duration is set at less than the legal minimum for an intersection of the type it is installed at. Sometimes, conveniently, they fix the timing three months after the camera is installed and claim that the reduction in fines is from the camera itself, while it is really from the adjustment of the timing.
In summary, red light cameras mostly ticket people who are not a threat to anyone and they unfairly target those who have one on their drive to work. Some people are scrutinized 500 times a year and not allowed to make a single mistake while others never get a look from a camera because of where they live.
I live near Buffalo, NY. Buffalo is considering putting red light cameras downtown and desyncronizing the lights on Delaware Avenue. They want people to hit more red lights. Buffalo doesn't like to raise property taxes because it is politically unpopular and nearly 50% of downtown land is tax-free. Buffalo loves "alternative revenue streams", our sales tax is around 9% (due to several recent hikes), we recently started charging sales tax for airport parking, the residents are still mad about a bunch of fees that have been newly assessed like a "garbage user fee" that used to be paid for with tax money. The Mayor even admits that revenue is part of the reason they are being considered.
They are neither free to own or operate, over their lifetime very few will pay for themselves in the fines they are able to inflict.
This is untrue. There are companies that will install the cameras for free, operate them for free, and only ask for a cut of the ticket money. There is zero chance that the city will lose money and I'm sure the chance that the operating company will lose money is also slim. In California, many red light cameras are operated by Lockheed Martin. In 2001, they were sued for camera placement in San Diego and had to refund a bunch of tickets after it was discovered that they had the cameras installed primarily in intersections where the yellow was too short or there was some other design flaw increasing the liklihood of someone running the red. No cameras were installed in the top 10 most dangerous intersections. Also, if you go to court to fight a citation, a CHP officer stands in to "represent the policies of the vendor". You never get to question your actual accuser.
...I don't necessarily agree with this, but most ISP's have similar clauses in their TOS: You are responsible for whatever your equipment puts out/takes in over the network connection. That's a contract between the ISP, the customer, and no one else. I'm not sure what makes Starbucks (for instance) not liable if a wifi customer downloads kiddy porn, but a person who owns an open WAP gets their PCs confiscated by the cops. The person is, reasonably, a suspect.why aren't judges protecting the people?
The law is not really in the RIAA's favor here.
The RIAA has shown a history of fradulent law suits.
Why aren't people countersuing for malicious prosecution?
They're using their grammar skills there.
Ummm few things:
1) Where did you get the idea all universities have tons of IPs? Some do, some don't. Also, a class B might seem like a lot, but if you've got 50,000 students, 20,000 departmental computers and servers, and you dole the IPs out in subnets to different departments (so they aren't 100% utilized) you start feeling the crunch more than you might think. Where I work we've got two class Bs (as we were in on the Internet game fairly early) and network operations has already begun working on renumbering the network to try and reclaim unused IPs. We haven't had to implement NAT on any campus level (though there are tons of little ones that random people run) but it is not something out of the question. Take a larger university with less IP space, you'd have little choice.
2) NAT has other uses such as cloaking the activities of individual computers. You'll see places use NAT just for that, they don't want individual activity being traced based on IP. So they get a many-to-many NAT set up. You have say a couple hundred routable IPs with a couple thousand non-routable IPs behind them. The router picks out which public IP you get randomly, or round-robin, or whatever. Thus it ends up being impossible to figure out what is happening.
3) Who says the university runs the NAT? You telling me you don't think students stick routers in their dorms? You telling me that you don't think they do that, and turn on unsecured WiFi (especially since many universities have extremely poor or non existent WiFi)? I know for a fact they do, because we always have problems with this on our campus.
This officer also told me that these cameras are the safest way to enforce red lights. It's exceptionally hard for an officer to catch these people, because the officer 1) has to be able to see the light, 2) has to be in the front rank of cars, and 3) often as not would have to run the light themselves, which would be more dangerous than just letting the guy go. You can put an officer at each corner of the intersection, but that's manpower intensive
Or you can equip the intersection with a camera, but have it manned by a single officer who uses it to identify who to pull over, and as evidence against them. This dodges all 3 issues:
1) The police office does not have to see the light. The camera provides the evidence.
2) The police officer does not have to be in the front rank of cars. He can be stationed anywhere.
3) The police officer does not have to run the light himself. He can even be safely stationed out of sight, past the intersection.
4) It is not manpower intensive. It can be done by a single officer.
And as a bonus, when the camera is not being manned it can used to send out notices to people who ran the light. Sort of a hey, did you know you ran this light, and had it been manned you would have been charged.
Point is I don't have anything against camera assisted enforcement, I have a problem with automatic camera enforcement that targets the owner of a vehicle, where you are only even notified of a violation you may not even know has happened months after it happened, where you are responsible even if you weren't driving. (responsible for either paying the ticket or nominating someone else to pay the ticket.)