Judge Excludes 3 "John Does" From RIAA Subpoena

NewYorkCountryLawyer writes "In one of the RIAA's 'John Doe' cases targeting Boston University students, after the University wrote to the Court saying that it could not identify three of the John Does 'to a reasonable degree of technical certainty,' Judge Nancy Gertner deemed the University's letter a 'motion to quash,' and granted it, quashing the subpoena as to those defendants. In the very brief docket entry (PDF) containing her decision, she noted that 'compliance with the subpoena as to the IP addresses represented by these Defendants would expose innocent parties to intrusive discovery.' There is an important lesson to be learned from this ruling: if the IT departments of the colleges and universities targeted by the RIAA would be honest, and explain to the Courts the problems with the identification and other technical issues, there is a good chance the subpoenas will be vacated. Certainly, there is now a judicial precedent for that principle. One commentator asks whether this holding 'represents the death knell to some, if not all, of the RIAA's efforts to use American university staff as copyright cops.'"

It's obvious that what we need is...

[Joce640k]

...a new law requiring better IP tracking built into all new routers and laptops.

Re:It's obvious that what we need is...

[HungryHobo]

Sad but true. just leaving the problem that I can change my mac address and even with username/pass systems pilfering a login/pass from a com girl or arts student in my uni would be childsplay

Re:It's obvious that what we need is...

[Alarindris]

Sad but true. just leaving the problem that I can change my mac address and even with username/pass systems pilfering a login/pass from a com girl or arts student in my uni would be childsplay

I would like to see more discussion on that actually. I understand that anonymity is sort of the thing that makes the internet great.

Is having a static home address (123 Cherry Lane) preventing anonymity in the real world? Is that a valid comparison?

It seems like the point above could/should be a concern to an average user, retaining your identity?

Re:It's obvious that what we need is...

[Shakrai]

How can you be "impeding the investigation" if you took these measures before any such investigation existed? It would be one thing to destroy evidence after being issued a subpoena but I'm not aware of any law that requires IT departments to retain logs of IP assignments.......

Re:It's obvious that what we need is...

[SkyDude]

I would like to see more discussion on that actually. I understand that anonymity is sort of the thing that makes the internet great.

I'm not so sure that total anonymity is such a great thing. It allows too many cretins to make personal attacks on people, essentially convicting someone of a perceived crime, when none may have occurred. Certainly, those who have been the victims would agree.

Is having a static home address (123 Cherry Lane) preventing anonymity in the real world? Is that a valid comparison?

When you realize that your home can be seen by anyone via Google Earth or similar service, it does call into question how private is your life. Of course, the view is not real time, but it is a snapshot and who knows what was happening that day? I think a closer comparison might be your landline telephone. It's not completely anonymous, can be traced to an physical address in most cases and there are laws that disallow the use of the phone for certain things such as uttering threats or causing a fraud to be perpetrated.

I am in no way condoning the actions of the RIAA, but until the failed business model they were assigned to protect is gone, they have the right to stop the unfettered sharing of copyrighted materials. Just like a trace that can be put on a landline phone, and the identity of the phone subscriber found, the RIAA has an obligation to its client to find out who is causing the client to lose revenue and changing one's MAC or IP address may seem like a cool way to beat it, but the law may not be on your side at this time.

Having said all of that, one has to ask how much longer the recording industry will continue this folly.

Re:It's obvious that what we need is...

[Shakrai]

Well, gosh, when you spin it that way, who'd let themselves be used?!

Eh, I wasn't spinning, that's how I really see it. My job as an IT person is to make sure that the network is functional for my users. My job isn't to help RIAA build a case that will be used to bankrupt one of my users based on some thin argument like "making available". Not having logs of IP assignments (or keeping those logs for very short periods of time) isn't going to be a huge hindrance to me -- so I choose not to keep them in my shop.

The RIAA and their unlicensed investigative agencies do that

Fixed that for you :)

Re:It's obvious that what we need is...

I am in no way condoning the actions of the RIAA, but until the failed business model they were assigned to protect is gone, they have the right to try to stop the alleged unfettered sharing of copyrighted materials.

Fixed that for you.

Just like a trace that can be put on a landline phone, and the identity of the phone subscriber found,

This is the same stupid justification that the RIAA uses in all its John Doe suits. The phone subscriber may not be the one using the phone.

the RIAA has an obligation to its client to find out who is causing the client to lose revenue

Shouldn't the 'client'(artists) also be receiving their share of money collected? Don't the RIAA have an obligation to work within the law to find the ones responsible beyond reasonable doubt instead of going after anyone with only the flimsiest of evidence and then expecting others to do all the work for them?

and changing one's MAC or IP address may seem like a cool way to beat it, but the law may not be on your side at this time.

Changing your MAC or IP is not illegal. In a world where governments are trying to record everything we do, anything that makes it harder for people to track you is a good thing.

Re:It's obvious that what we need is...

[Shakrai]

The latter is far more likely than the former to have the desired effect. It seems to me that downloading whatever you want has been proven repeatedly to be used by the RIAA to justify their tactics.

Oh, I wasn't downloading whatever I want to make a point to RIAA. I was downloading whatever I want because it was free. I think most people would acknowledge on some level that it's wrong to do that -- what I would dispute is that the person who engages in file-sharing deserves to be punished more harshly than the person who shoplifts a CD.

If somebody got a $222,000 fine for shoplifting a $20 CD I'm fairly certain that it would cause public outrage and probably be ruled unconstitutional. Funny RIAA uses the civil system to accomplish what the criminal system would acknowledge as being completely disproportional to the "crime" that was committed......

Personally, I hope they all burn in hell.

There's another clear lesson here

[Drakkenmensch]

When file sharing your music and movies, use public wifi points to crush any lawsuit potential from the RIAA!

Re:Odd

Really? Even if they used it without your knowledge?

That's like saying that if I let my mates take my car and they go commit a crime with it (say a hit and run), I should be punished for it.

I wouldn't be classified as an accessory to their hit-and-run, so why should I be an accessory to their copyright infringement if I let them use my connection?

Re:Odd

[HungryHobo]

Most of my neighbours have wireless.
I could crack into them in minutes and download.
Are they supposed to be security experts now?
What about when WPA gets cracked? even the ones with a little knowhow will be open for a time.

If someone breaks into your house and commits mail fraud while you're away are you guilty because your door wasn't strong enough to keep them out?

"accessory to their infringement" is bullshit

We can hope...

[wild_quinine]

... but there's little hope to be found.

The suddenoutbreakofcommonsense shown on this small scale is coming too late, I fear. Because even now, ISPs are caving to big media. Phorm worms its way through many UK ISPs, apparently undiminished. A consortium of service providers have agreed to keep tabs on the situation for the record insdustry, amongst others, and send out warning letters to infringers. Usenet has been all but dropped from the roster of ISP services.

Unlike the naysayers, I always believed that the internet would remain free. After all, ISPs have always been protected as carriers, just like the postal service - and the postal service is not subject to search and seizure without due process. Nobody can open my private mail (unless it crosses borders) and check for pirated DVDs, without a really good reason to suspect that I'm pirating DVDs.

But I was wrong, and stupid, and for once in my damn life, too optimistic.

Because for every smart call like the one above, there are ten stories of companies we need to be able to trust voluntarily caving to pressure. It's too damn late.

Re:We can hope...

[jambox]

You may be right but I don't think it's over yet - it wouldn't be too tough to routinely encrypt most or all traffic. Anyhow, even if the media companies do manage to maim the internet by throwing lawyers at ISPs, I doubt this'll save the record companies, because the internet is only part of their problem. If I want to I can get 100+ free albums just by asking people who sit near me at work, without having to be online at all. Virtually everyone's got a cheap USB hard disk plugged into their laptops, each one of which can store enormous amounts of music.

Re:We can hope...

[oreaq]

Of course it will not save the record companies. The problem is the damage they do while dying.

Universities still need to police their networks

[MikeRT]

In 2001, my alma mater had 2 45mbps lines for the university and they were consistently hammered by the students doing file sharing. It got to the point that some people in the CS department joked that banging out packets across tin-cans-on-strings would be faster than using the campus network when classes were generally over for the day.

Then, the university instituted packet shapers across the network and it got usable again. Usable to the point where I didn't feel like I was on a 14.4k modem again.

If you want to bootleg content, then pay for your own connection.

spoof::poof

[lq_x_pl]

The means to spoofing one's variety of e-identities (including MAC, IP, Useragent) are light years ahead of the means of tracking use!
The RIAA could demand some draconian cerberos system, but I doubt that rendering large campus networks unusable will garner them any support from the already annoyed campus IT admins. Anyway, much like the AV companies vs virus-writers, this battle is an entirely defensive one.

It's nice to see something logical leaking out of the judicial system, however.

Death Knell?

[Thyamine]

Isn't every one of these stories tagged as being the death knell for the RIAA? Don't get me wrong, I'm always glad to see the RIAA losing in these types of cases, but 'death knell for the RIAA' is getting to be 'Year for Linux on the Desktop'.

Re:Death Knell?

[Sj0]

Depends how you define "the year of linux on the desktop", doesn't it?

The fastest growing segment of the PC market, netbooks, are split between Windows XP and linux. That, along with reaching mature status on important projects like web browsers, office software, media players, and Instant Messagers, is slowly making linux a viable alternative to Windows, as the netbook market is showing.

Similarly, depends how you define "death knell". I don't think any one of these bad things is going to spell the end of the RIAA crusade against their customers. I do think, however, that the slow build-up of legal ways to avoid being attacked will make their crusade more effort than it's worth. They'll go from being able to sue 3000 people in a single lawsuit to having to focus on a few, then maybe one. At that point, it's not economical to sue potential customers anymore, and they'll just have to figure out ways to make money instead.

Re:Death Knell?

[NewYorkCountryLawyer]

Isn't every one of these stories tagged as being the death knell for the RIAA? Don't get me wrong, I'm always glad to see the RIAA losing in these types of cases, but 'death knell for the RIAA' is getting to be 'Year for Linux on the Desktop'.

Well look at it this way. If this case stands for the principle that no John Doe information can be divulged unless the ISP can identify the "alleged infringer" to a "reasonable degree of technical certainty", and that principle is followed by other courts.... very few, if any, "alleged infringers", will ever be identified.

Re:Death Knell?

[TheRaven64]

BSD (cousin to Linux?)

It's pretty hard to class OS X as related to Linux. OS X is UNIX, with code from AT&T UNIX via 4BSD and later via FreeBSD and code from CMU Mach. It is UNIX(tm), as it has passed certification by The Open Group.

Linux is a clone of UNIX, shares no code with UNIX (except a few small bits taken from BSD, mostly headers), and is not certified as UNIX(tm).

Re:Death Knell?

[DavidTC]

There isn't any music 'they can face'.

For copyright to exist, it required a minimal level of effort required to violate copyright, especially at the 'mass production' level.

That no longer exist. Ergo, copyright no longer works. I'm not saying that as a moral judgment, I'm not saying it's a good thing or a bad thing, I'm not saying whether I like it or not, I have no idea what that will do to the production of creative works.

Copyright was always aimed more at commercial interests than anyone else, because for the longest time only commercial interests could copy things, or at least could copy them at a high enough quality to effect things, or a high enough volume.

And then came the internet, where commercial interests are not needed to copy music or TV or movies or books or anything. Perfectly. Forever. Copyright was never designed to stop anything like that.

'Copyright no longer works' is just a value-neutral statement of fact. I did not make this true, do not blame me.

Now, the music's industry thrashing around attempting to face this fact could, indeed, cause damage, and thus I'm in favor of altering the laws to recognize this new fact and limit the damage they can do. Not because I feel this new fact is 'morally superior' or anything, but because I feel it is true.

Re:Universities still need to police their network

[Skye16]

Isn't that what I'm did by paying the obscene "technology fee"? What ELSE is that 1224$ going toward?

Is it hookers? Hookers and blow? You can tell me the truth. I won't be half as mad if you tell me it's hookers and blow.

Re:Universities still need to police their network

[wild_quinine]

If you want to bootleg content, then pay for your own connection.

I have to disagree with your final point; in almost any University environment the students ARE paying for their connections one way or another. The terms under which they can use it, however, are usually a bit more restrictive that your standard ISP.

Don't get carried away

[The+Second+Horseman]

Via other legislation, it looks like colleges and universities in the US are going to be expected to take active steps - training and education, and likely technical as well - to curb piracy or else risk losing federal funding. It's part of the "Higher Education Opportunity Act". They're now in the "rulemaking" phase, but I find it hard to believe that the Department of Education is going to be particularly accommodating, and I'm not confident that the new administration will be substantially better than the old on this issue. I think this case is going to give the RIAA/MPAA and their allies in congress something to point at to say "See! We need more protection".

If we're required to do blocking and monitoring, the BU defense won't hold, because we'll have the data. At this point, the biggest factor is the delay. If you're a university buying service through a provider, and the letter goes to them first, it takes at least a week, often more, to get to you. By that point, there's usually not even any reason to look for the torrent they're complaining about.

Re:Don't get carried away

[Sun.Jedi]

If we're required to do blocking and monitoring, the BU defense won't hold, because we'll have the data.

I wonder what kind of ridiculous fine structure or penalties there will be for not logging what you monitor?

How about a well documented disk failure event on the file system containing all the logs? "Sorry, Your Honor, we logged everything, and then the disk failed."

Are we going to be legislated into complete backup strategies? I doubt it.

I think the Senate/Obama stance is that bad business models can be allowed to fail (See GM, Ford, Chryseler). It that holds true, the business model of the RIAA/Big 4, which was a sinking ship before Sep08, will certainly have some scrutiny before legislation. Couple that with overwhelming projections of a poor buying season, and I can't see how the RIAA has much of a leg to stand on here.

Re:Odd

[Jimmy+King]

You bring up something that I think about somewhat often.

On the one hand, the Internet is incredibly useful and provides so much information and entertainment which I believe everyone SHOULD be able to access. It would be a huge loss to society, imo, for people lose this.

On the other hand, computers are complex. Networks are a complex part of computers. Security is a yet more complex part of computer networks. These are things that people spend years learning about and are constantly learning more about, yet here we are encouraging average, untrained people to stick computers which they are basically system administrators for on the largest, most complex, and hardest to secure network in the world? How much sense does that make?

Re:Universities still need to police their network

[h4x354x0r]

I work at a U, and they charge the students, faculty, staff, departments, and everything else that has any money, an obscene amount of money for a network connection. Students ARE paying, and barely getting their money's worth, even when file sharing.

Re:Change of direction

[infalliable]

Doubtful. The president/executive branch has very little influence on the lower courts. They weigh in on matters that will directly affect them, such as national security, but file sharing tends to be pretty low on the list of important things to the executive branch.

Biden has also a history of being pretty pro-copyright, so that would actually skew it the other way.

I think it has more to do with the courts (especially specific judges) getting sick of the RIAA.

Slashdot Article #921431008 supporting piracy

[mumblestheclown]

This was, by my count, slashdot article #921431008 which slants positively for the "less power for rightsholders" side. I'm still waiting for slashdot article #1 where somebody presents a decent and fair plan that both acknowledges new technologies and the possibilities that they bring AND the rights of the rightsholders to be fairly compensated and to reasonably punish/recover from wrongdoers.

Of course, it would be so very socially awkward to point out that virtually all policies slashdot have supported so far amount to in effect a regressive wealth transfer from the poor to the wealthy, where the poor who are for whatever reason unable to use a p2p service and thus purchase CDs subsidize the entertainment of those who otherwise generally can afford it. Oh no. Pointing out such things is just not cool.

Re:Slashdot Article #921431008 supporting piracy

[mcgrew]

I'm still waiting for slashdot article #1 where somebody presents a decent and fair plan that both acknowledges new technologies and the possibilities that they bring AND the rights of the rightsholders to be fairly compensated and to reasonably punish/recover from wrongdoers.

Sorry bud, but it ain't gonna happen. The "rightsholders" are the labels - this is only one of many reforms that need to be made. The recording artists should own copyright; they should NOT be "works for hire".

Copyright lengths need to be brought back down to sane levels. I should NOT have to pay for a Jimi Hendrix download.

Copyrights need to be registered again. Automatic granting of copyright is madness.

Out of print works should not be covered by copyright.

it would be so very socially awkward to point out that virtually all policies slashdot have supported so far amount to in effect a regressive wealth transfer from the poor to the wealthy

I don't know where you got the idea that Sony-BMI executives (who actually own the copyrights) are poor and the downloaders are wealthy.

I suggest you read Lawrence Lessig's Free Culture. The following quote is abridged:

File sharers share different kinds of content. We can divide these different kinds into four types.

A. There are some who use sharing networks as substitutes for purchasing content.

B. There are some who use sharing networks to sample music before purchasing it.

C. There are many who use sharing networks to get access to copyrighted content that is no longer sold or that they would not have purchased because the transaction costs off the Net are too high. For content not sold, this is still technically a violation of copyright, though because the copyright owner is not selling the content anymore, the economic harm is zero--the same harm that occurs when I sell my collection of 1960s 45-rpm records to a local collector.

D. Finally, there are many who use sharing networks to get access to content that is not copyrighted or that the copyright owner wants to give away.

Whether on balance sharing is harmful depends importantly on how harmful type A sharing is.

While the numbers do suggest that sharing is harmful, how harmful is harder to reckon. It has long been the recording industry's practice to blame technology for any drop in sales. The history of cassette recording is a good example.

The fact is, the labels are on the wrong side of history. Independant (non-RIAA) artists have learned to use the internet to their advantage. The RIAA wants to use copyright law to kill the independant competetion, who use Lessig's "D" as a means of promotion.

It isn't about music lovers "stealing" music -- study after study shows that "pirates" spend more money on music than non-pirates. It's about squashing competetion. The RIAA has radio, the indies have P2P, so the RIAA wants to kill P2P.

Nobody outside the industry who understands the situation is on the RIAA's side.

Re:Slashdot Article #921431008 supporting piracy

[Tiberius_Fel]

If you have a solution that is a decent and fair plan that both acknowledges new technologies and the possibilities that they bring AND the rights of the rightholders to be fairly compensated and to reasonably punish/recover from wrongdoers, I for one would be interested in hearing it.

Here's the thing about copyright in the digital age. For software, music, videos, the marginal (per additional copy) cost is zero. Now, given that it takes no effort to copy it, and anybody can do it in his own home (or his parents' I suppose), how can you realistically stop that, without invading everyone's privacy? How can you even really know that they're doing it? Same thing with downloading it: the only way to know is to invade the privacy of the people by monitoring all their transfers. And even then, it's an imperfect system. How do you know what they have the right to down/upload? How do you deal with authorization? What about false positives? False negatives?

Also, your argument about how it's a regressive wealth transfer from the poor to the wealthy is a bit off-track. If the government(s) imposed a tax on everyone that was used to compensate artists for the creation, it will most likely be nowhere near as draconian as you make it seem. It's not like the government will charge a flat tax on everyone. Presumably, like other "progressive" taxes, it will be charged at a percentage, based on your ability to pay. Thus rich people will pay more and poor people will pay less. There will most likely be a group who pays nothing into this at all, like with income tax. Also, is it really a transfer to the wealthy? I know when you think of artists, you imagine the pop sensation of the day who has millions and millions of dollars, but there are still lots of "starving artists" out there.

You're making the issue too emotionally charged by using terms like "regressive wealth transfer from the poor to the wealthy", which a lot of people emotionally oppose. But it's not really like that.

Re:Slashdot Article #921431008 supporting piracy

[NewYorkCountryLawyer]

This was (a) a news report about a judge quashing a subpoena, (b) followed by a quotation of an opinion by a commentator. There was no slant in the news, and it provides a link to the actual document. The expression of opinion was clearly denominated as such. I'm under no obligation to come up with a "plan". I have no training as a "planner", I'm a litigation lawyer. Me coming up with a 'plan' would be like asking me to do your plumbing.... I don't think you'd be very happy with the end result.

Re:Slashdot Article #921431008 supporting piracy

[skeeto]

AND the rights of the rightsholders to be fairly compensated and to reasonably punish/recover from wrongdoers*.

In the US, where the article takes place, there is no right for writers/artists/developers to be "fairly" compensated**. None whatsoever. In fact, it is quite the opposite: it is our right to share culture freely. The purpose of copyright, as described by the US constitution, is meant to serve the public by encouraging the growth of the public domain. The public temporarily waives their natural rights to freely share their culture in order to encourage writers/artists/developers to write/sing/develop. Before the digital age, this was a right individual people couldn't even exercise in the first place, so they were getting a real bargain out of it.

The problem is that the temporary part is gone. Copyright terms are way too long, longer than human lifetimes. We really should be legally allowed to freely share everything from (at least) the 80's and before. All these works should be in the public domain by now. This is why you might see this slant on /., because copyright is way out of balance and unconstitutional. It needs to serve the public again. I bet you will find that many, if not most, works on P2P networks would be legal to share if we had reasonable copyright terms.

* As a side note, you said "wrongdoers" to describe people breaking laws. Please don't mix up right/wrong with legal/illegal. These are completely unrelated.

** In other countries authors may actually have rights that don't exist in the US. For example, in the UK there are a set of non-transferable "moral rights" for authors. Since I live in the US I don't have to worry much about this, though.

Re:Universities still need to MANAGE their network

Please note the change I made to your thread title. A huge difference exists in the concept and implementation of policing vs managing a network.

Policing the network requires a mindset which assumes the students will do bad things and the administration is determined to catch and punish accused systems perpetrators.

Managing the network, as your example shows, is the proper implementation of policies and configurations which allow the University community to effectively perform their work.

Managing the network is more effective and provides a more collegial atmosphere.

In my CS Department, all the information which could be used by the RIAA to track student usage of systems is NOT logged. Attempts to obtain unauthorized access are logged; but not successful authorized access. [All you security types can take your immediate objections and stuff them in your policy orifice.]

Re:Odd

[NewYorkCountryLawyer]

Why don't you get your facts straight?

It's libertarian

[Nerdposeur]

I think the problem here is poor definition of "left" vs. "right."

Ask a question pertaining to abortion, and most of the answers here are "anything goes," which sounds left-wing. Ask a question about the economy, and the answers are more "government isn't your sugar daddy," which sounds right-wing.

I think the most common /. viewpoint is best described as "libertarian," which can be summed up as "leave us alone and don't tell us what to do."

Re:It's libertarian

[NewYorkCountryLawyer]

I think the problem here is poor definition of "left" vs. "right." Ask a question pertaining to abortion, and most of the answers here are "anything goes," which sounds left-wing. Ask a question about the economy, and the answers are more "government isn't your sugar daddy," which sounds right-wing. I think the most common /. viewpoint is best described as "libertarian," which can be summed up as "leave us alone and don't tell us what to do."

I think any attempt to distill a prevailing political orientation on Slashdot is doomed to failure. There is, in truth, a great deal of diversity here.

The only common thread is that each of us is right.

Re:Odd

[RulerOf]

How do IPs not specify identity?

They just don't.

Sure, you can build a system with multiple paths of registration and logging and authentication, but a majority of those processes can be spoofed or socially engineered.

If you came up to me with a subpoena asking who had IP address 192.168.1.X on this day at this time, even if I still had the logs on my DHCP server, it would take a significant amount of forensics (IE, an audit of every laptop my friends or neighbors own) to determine who the culprit was.

Re:Odd

[corsec67]

If you came up to me with a subpoena asking who had IP address 192.168.1.X on this day at this time, even if I still had the logs on my DHCP server, it would take a significant amount of forensics (IE, an audit of every laptop my friends or neighbors own) to determine who the culprit was.

How do you "audit" to find out what a MAC address was temporarily set to?

DHCP logs only get you from IP to MAC, they don't tell you anything about what that MAC is being used by.

Re:NewYorkCountryLawyer - precedent???

[NewYorkCountryLawyer]

I defer to the expertise of an attorney, but unless this was a ruling by a court of appeals or above, there is no precedent set. Trial courts render judgments which can be referenced in litigation, but not cited as "precedent" on other legal cases... is this not correct? Please correct me if I'm wrong.

It's a precedent. It's not 'controlling' or 'binding' but it's a precedent.

Re:Chronicle of Higher Education

[NewYorkCountryLawyer]

Actually the correct permalink to the story is here. Sorry about that.