Slashdot Mirror
Judge Excludes 3 "John Does" From RIAA Subpoena
NewYorkCountryLawyer writes "In one of the RIAA's 'John Doe' cases targeting Boston University students, after the University wrote to the Court saying that it could not identify three of the John Does 'to a reasonable degree of technical certainty,' Judge Nancy Gertner deemed the University's letter a 'motion to quash,' and granted it, quashing the subpoena as to those defendants. In the very brief docket entry (PDF) containing her decision, she noted that 'compliance with the subpoena as to the IP addresses represented by these Defendants would expose innocent parties to intrusive discovery.' There is an important lesson to be learned from this ruling: if the IT departments of the colleges and universities targeted by the RIAA would be honest, and explain to the Courts the problems with the identification and other technical issues, there is a good chance the subpoenas will be vacated. Certainly, there is now a judicial precedent for that principle. One commentator asks whether this holding 'represents the death knell to some, if not all, of the RIAA's efforts to use American university staff as copyright cops.'"
How do IPs not specify identity? If you're letting somebody else use your net connection to pirate something, you're an accessory to their infringement.
When file sharing your music and movies, use public wifi points to crush any lawsuit potential from the RIAA!
Really? Even if they used it without your knowledge?
That's like saying that if I let my mates take my car and they go commit a crime with it (say a hit and run), I should be punished for it.
I wouldn't be classified as an accessory to their hit-and-run, so why should I be an accessory to their copyright infringement if I let them use my connection?
Most of my neighbours have wireless.
I could crack into them in minutes and download.
Are they supposed to be security experts now?
What about when WPA gets cracked? even the ones with a little knowhow will be open for a time.
If someone breaks into your house and commits mail fraud while you're away are you guilty because your door wasn't strong enough to keep them out?
"accessory to their infringement" is bullshit
Sad but true. just leaving the problem that I can change my mac address and even with username/pass systems pilfering a login/pass from a com girl or arts student in my uni would be childsplay
In 2001, my alma mater had 2 45mbps lines for the university and they were consistently hammered by the students doing file sharing. It got to the point that some people in the CS department joked that banging out packets across tin-cans-on-strings would be faster than using the campus network when classes were generally over for the day.
Then, the university instituted packet shapers across the network and it got usable again. Usable to the point where I didn't feel like I was on a 14.4k modem again.
If you want to bootleg content, then pay for your own connection.
A huge settlement won by an ISP's customer for participation in such kangaroo proceedings would go a long way in halting their cooperation with such proceedings. To prevent it backfiring though the right to anonymousity must come to the forefront and be preserved.
The RIAA could demand some draconian cerberos system, but I doubt that rendering large campus networks unusable will garner them any support from the already annoyed campus IT admins. Anyway, much like the AV companies vs virus-writers, this battle is an entirely defensive one.
It's nice to see something logical leaking out of the judicial system, however.
An internal system operation returned the error "The operation completed successfully.".
You bring up something that I think about somewhat often.
On the one hand, the Internet is incredibly useful and provides so much information and entertainment which I believe everyone SHOULD be able to access. It would be a huge loss to society, imo, for people lose this.
On the other hand, computers are complex. Networks are a complex part of computers. Security is a yet more complex part of computer networks. These are things that people spend years learning about and are constantly learning more about, yet here we are encouraging average, untrained people to stick computers which they are basically system administrators for on the largest, most complex, and hardest to secure network in the world? How much sense does that make?
They very well might try, on grounds of their "impeding the investigation".
Benford's Corollary to Clarke's Law: "Any technology distinguishable from magic is insufficiently advanced."
Of course, it would be so very socially awkward to point out that virtually all policies slashdot have supported so far amount to in effect a regressive wealth transfer from the poor to the wealthy, where the poor who are for whatever reason unable to use a p2p service and thus purchase CDs subsidize the entertainment of those who otherwise generally can afford it. Oh no. Pointing out such things is just not cool.
How can you be "impeding the investigation" if you took these measures before any such investigation existed? It would be one thing to destroy evidence after being issued a subpoena but I'm not aware of any law that requires IT departments to retain logs of IP assignments.......
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
Depends how you define "the year of linux on the desktop", doesn't it?
The fastest growing segment of the PC market, netbooks, are split between Windows XP and linux. That, along with reaching mature status on important projects like web browsers, office software, media players, and Instant Messagers, is slowly making linux a viable alternative to Windows, as the netbook market is showing.
Similarly, depends how you define "death knell". I don't think any one of these bad things is going to spell the end of the RIAA crusade against their customers. I do think, however, that the slow build-up of legal ways to avoid being attacked will make their crusade more effort than it's worth. They'll go from being able to sue 3000 people in a single lawsuit to having to focus on a few, then maybe one. At that point, it's not economical to sue potential customers anymore, and they'll just have to figure out ways to make money instead.
It's been a long time.
You're assuming they apply logic where logic is appropriate. I think you give them too much credit.
Never ask for directions from a two-headed tourist! -Big Bird
If we're required to do blocking and monitoring, the BU defense won't hold, because we'll have the data.
I wonder what kind of ridiculous fine structure or penalties there will be for not logging what you monitor?
How about a well documented disk failure event on the file system containing all the logs? "Sorry, Your Honor, we logged everything, and then the disk failed."
Are we going to be legislated into complete backup strategies? I doubt it.
I think the Senate/Obama stance is that bad business models can be allowed to fail (See GM, Ford, Chryseler). It that holds true, the business model of the RIAA/Big 4, which was a sinking ship before Sep08, will certainly have some scrutiny before legislation. Couple that with overwhelming projections of a poor buying season, and I can't see how the RIAA has much of a leg to stand on here.
Of course it will not save the record companies. The problem is the damage they do while dying.
Well, gosh, when you spin it that way, who'd let themselves be used?!
Eh, I wasn't spinning, that's how I really see it. My job as an IT person is to make sure that the network is functional for my users. My job isn't to help RIAA build a case that will be used to bankrupt one of my users based on some thin argument like "making available". Not having logs of IP assignments (or keeping those logs for very short periods of time) isn't going to be a huge hindrance to me -- so I choose not to keep them in my shop.
The RIAA and their unlicensed investigative agencies do that
Fixed that for you :)
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
I think the problem here is poor definition of "left" vs. "right."
Ask a question pertaining to abortion, and most of the answers here are "anything goes," which sounds left-wing. Ask a question about the economy, and the answers are more "government isn't your sugar daddy," which sounds right-wing.
I think the most common /. viewpoint is best described as "libertarian," which can be summed up as "leave us alone and don't tell us what to do."
The sinister "three strike law" pushed by Sarkonazy and his subordinates creates a new category of "crime", that of "not securing properly one's connection", I shit you not. That way you can't use the defense of having been infected by a virus or having your router hax0red, it's your fault, you should have been a master sysadmin.
Nevermind that megacorporations themselves can't be fucked to secure all their systems, you, Joe SixPC, are supposed to one up PCI/DSS or FIPS whatever, or you can't be allowed to the interwebs.
Of course it's a massive pack of FAIL on so many levels, but that's what GWB's BFF has in store for us.
How do IPs not specify identity?
They just don't.
Sure, you can build a system with multiple paths of registration and logging and authentication, but a majority of those processes can be spoofed or socially engineered.
If you came up to me with a subpoena asking who had IP address 192.168.1.X on this day at this time, even if I still had the logs on my DHCP server, it would take a significant amount of forensics (IE, an audit of every laptop my friends or neighbors own) to determine who the culprit was.
Boot Windows, Linux, and ESX over the network for free.
I am in no way condoning the actions of the RIAA, but until the failed business model they were assigned to protect is gone, they have the right to try to stop the alleged unfettered sharing of copyrighted materials.
Fixed that for you.
Just like a trace that can be put on a landline phone, and the identity of the phone subscriber found,
This is the same stupid justification that the RIAA uses in all its John Doe suits. The phone subscriber may not be the one using the phone.
the RIAA has an obligation to its client to find out who is causing the client to lose revenue
Shouldn't the 'client'(artists) also be receiving their share of money collected? Don't the RIAA have an obligation to work within the law to find the ones responsible beyond reasonable doubt instead of going after anyone with only the flimsiest of evidence and then expecting others to do all the work for them?
and changing one's MAC or IP address may seem like a cool way to beat it, but the law may not be on your side at this time.
Changing your MAC or IP is not illegal. In a world where governments are trying to record everything we do, anything that makes it harder for people to track you is a good thing.
I check out RIAA Radar and hand over some scratch if I hear a song that I like and discover the artist is signed with an indie label. I doubt my purchases matter much in the grand scheme of things but I'm going to vote with my wallet anyway.
They matter a whole lot in the grand scheme of things.
Ray Beckerman +5 Insightful
Simply putting up the money doesn't mean you have the right to impact other peoples use of the same infrastructure they're paying for. Downloaders aren't the only ones using the network.
I agree that when you pay for something like an iPhone it's yours to do with as you please. A uni, however, is offering you a service for a fee. They're free to dictate terms on the use of that service. Don't like the terms, goto a different uni.
No sig for you!!
How do you "audit" to find out what a MAC address was temporarily set to?
DHCP logs only get you from IP to MAC, they don't tell you anything about what that MAC is being used by.
If I have nothing to hide, don't search me
An IP specifies identity just like a home address does. Sure, the house may belong to me, and you have reasonable suspicion that it's me in there, but it could theoretically be ANYONE in the house. My mom, my wife, a neighbor, a burglar, whoever. That's why an address existing is not enough to positively identify me as the person who, say, crank called.
My blog. Good stuff (when I remember to update it). Read it.
Shh! stop giving them ideas!!!
Also that sounds expensive... and hell to deal with 10K students who can barely use a mouse trying to understand why they need to remember those passwords and why it wtopped working after they deleted those files etc....
The latter is far more likely than the former to have the desired effect. It seems to me that downloading whatever you want has been proven repeatedly to be used by the RIAA to justify their tactics.
Oh, I wasn't downloading whatever I want to make a point to RIAA. I was downloading whatever I want because it was free. I think most people would acknowledge on some level that it's wrong to do that -- what I would dispute is that the person who engages in file-sharing deserves to be punished more harshly than the person who shoplifts a CD.
If somebody got a $222,000 fine for shoplifting a $20 CD I'm fairly certain that it would cause public outrage and probably be ruled unconstitutional. Funny RIAA uses the civil system to accomplish what the criminal system would acknowledge as being completely disproportional to the "crime" that was committed......
Personally, I hope they all burn in hell.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
There isn't any music 'they can face'.
For copyright to exist, it required a minimal level of effort required to violate copyright, especially at the 'mass production' level.
That no longer exist. Ergo, copyright no longer works. I'm not saying that as a moral judgment, I'm not saying it's a good thing or a bad thing, I'm not saying whether I like it or not, I have no idea what that will do to the production of creative works.
Copyright was always aimed more at commercial interests than anyone else, because for the longest time only commercial interests could copy things, or at least could copy them at a high enough quality to effect things, or a high enough volume.
And then came the internet, where commercial interests are not needed to copy music or TV or movies or books or anything. Perfectly. Forever. Copyright was never designed to stop anything like that.
'Copyright no longer works' is just a value-neutral statement of fact. I did not make this true, do not blame me.
Now, the music's industry thrashing around attempting to face this fact could, indeed, cause damage, and thus I'm in favor of altering the laws to recognize this new fact and limit the damage they can do. Not because I feel this new fact is 'morally superior' or anything, but because I feel it is true.
If corporations are people, aren't stockholders guilty of slavery?
It's as simple as that.
Buy used CDs and DVDs. Preferably from local independently owned shops.
The ONLY new DVDs I've purchased in the last year or so have been the FUTURAMA movies, because I want MORE FUTURAMA! And the best way for that to happen is to show Fox that it's to their financial advantage to make more FUTURAMA.
However, other than those purchases, every DVD and CD I've bought for the past few years has been previously owned.
I get the movies and music I want, and the MAFIAAs get not one penny of my money in return.
When I get my newly purchased used discs home, CDs get ripped to iTunes, DVDs get ripped & stripped via MacTheRipper. Discs then get filed away for safekeeping, and my digital copies are used in their place.
If you MUST download music and video, USENET is a much safer alternative. The alt.binaries hierarchies have just as much digital new content as BitTorrent, and the popular/most used newsgroups have dedicated users who will, if asked politely, take requests for content reuploads.
Via NZB, downloads are as simple as one or two mouseclicks and are usually faster than BitTorrent.
Oh, and they are almost completely untraceable. Making life for the MAFIAAs all the more miserable.
Guaranteed! This comment 100% Anthrax free!