Judge Excludes 3 "John Does" From RIAA Subpoena

NewYorkCountryLawyer writes "In one of the RIAA's 'John Doe' cases targeting Boston University students, after the University wrote to the Court saying that it could not identify three of the John Does 'to a reasonable degree of technical certainty,' Judge Nancy Gertner deemed the University's letter a 'motion to quash,' and granted it, quashing the subpoena as to those defendants. In the very brief docket entry (PDF) containing her decision, she noted that 'compliance with the subpoena as to the IP addresses represented by these Defendants would expose innocent parties to intrusive discovery.' There is an important lesson to be learned from this ruling: if the IT departments of the colleges and universities targeted by the RIAA would be honest, and explain to the Courts the problems with the identification and other technical issues, there is a good chance the subpoenas will be vacated. Certainly, there is now a judicial precedent for that principle. One commentator asks whether this holding 'represents the death knell to some, if not all, of the RIAA's efforts to use American university staff as copyright cops.'"

It's obvious that what we need is...

[Joce640k]

...a new law requiring better IP tracking built into all new routers and laptops.

Re:It's obvious that what we need is...

[HungryHobo]

Sad but true. just leaving the problem that I can change my mac address and even with username/pass systems pilfering a login/pass from a com girl or arts student in my uni would be childsplay

Re:It's obvious that what we need is...

[Shakrai]

How can you be "impeding the investigation" if you took these measures before any such investigation existed? It would be one thing to destroy evidence after being issued a subpoena but I'm not aware of any law that requires IT departments to retain logs of IP assignments.......

Re:It's obvious that what we need is...

[SkyDude]

I would like to see more discussion on that actually. I understand that anonymity is sort of the thing that makes the internet great.

I'm not so sure that total anonymity is such a great thing. It allows too many cretins to make personal attacks on people, essentially convicting someone of a perceived crime, when none may have occurred. Certainly, those who have been the victims would agree.

Is having a static home address (123 Cherry Lane) preventing anonymity in the real world? Is that a valid comparison?

When you realize that your home can be seen by anyone via Google Earth or similar service, it does call into question how private is your life. Of course, the view is not real time, but it is a snapshot and who knows what was happening that day? I think a closer comparison might be your landline telephone. It's not completely anonymous, can be traced to an physical address in most cases and there are laws that disallow the use of the phone for certain things such as uttering threats or causing a fraud to be perpetrated.

I am in no way condoning the actions of the RIAA, but until the failed business model they were assigned to protect is gone, they have the right to stop the unfettered sharing of copyrighted materials. Just like a trace that can be put on a landline phone, and the identity of the phone subscriber found, the RIAA has an obligation to its client to find out who is causing the client to lose revenue and changing one's MAC or IP address may seem like a cool way to beat it, but the law may not be on your side at this time.

Having said all of that, one has to ask how much longer the recording industry will continue this folly.

Re:It's obvious that what we need is...

[Shakrai]

Well, gosh, when you spin it that way, who'd let themselves be used?!

Eh, I wasn't spinning, that's how I really see it. My job as an IT person is to make sure that the network is functional for my users. My job isn't to help RIAA build a case that will be used to bankrupt one of my users based on some thin argument like "making available". Not having logs of IP assignments (or keeping those logs for very short periods of time) isn't going to be a huge hindrance to me -- so I choose not to keep them in my shop.

The RIAA and their unlicensed investigative agencies do that

Fixed that for you :)

There's another clear lesson here

[Drakkenmensch]

When file sharing your music and movies, use public wifi points to crush any lawsuit potential from the RIAA!

Re:Odd

[HungryHobo]

Most of my neighbours have wireless.
I could crack into them in minutes and download.
Are they supposed to be security experts now?
What about when WPA gets cracked? even the ones with a little knowhow will be open for a time.

If someone breaks into your house and commits mail fraud while you're away are you guilty because your door wasn't strong enough to keep them out?

"accessory to their infringement" is bullshit

We can hope...

[wild_quinine]

... but there's little hope to be found.

The suddenoutbreakofcommonsense shown on this small scale is coming too late, I fear. Because even now, ISPs are caving to big media. Phorm worms its way through many UK ISPs, apparently undiminished. A consortium of service providers have agreed to keep tabs on the situation for the record insdustry, amongst others, and send out warning letters to infringers. Usenet has been all but dropped from the roster of ISP services.

Unlike the naysayers, I always believed that the internet would remain free. After all, ISPs have always been protected as carriers, just like the postal service - and the postal service is not subject to search and seizure without due process. Nobody can open my private mail (unless it crosses borders) and check for pirated DVDs, without a really good reason to suspect that I'm pirating DVDs.

But I was wrong, and stupid, and for once in my damn life, too optimistic.

Because for every smart call like the one above, there are ten stories of companies we need to be able to trust voluntarily caving to pressure. It's too damn late.

Universities still need to police their networks

[MikeRT]

In 2001, my alma mater had 2 45mbps lines for the university and they were consistently hammered by the students doing file sharing. It got to the point that some people in the CS department joked that banging out packets across tin-cans-on-strings would be faster than using the campus network when classes were generally over for the day.

Then, the university instituted packet shapers across the network and it got usable again. Usable to the point where I didn't feel like I was on a 14.4k modem again.

If you want to bootleg content, then pay for your own connection.

spoof::poof

[lq_x_pl]

The means to spoofing one's variety of e-identities (including MAC, IP, Useragent) are light years ahead of the means of tracking use!
The RIAA could demand some draconian cerberos system, but I doubt that rendering large campus networks unusable will garner them any support from the already annoyed campus IT admins. Anyway, much like the AV companies vs virus-writers, this battle is an entirely defensive one.

It's nice to see something logical leaking out of the judicial system, however.

Death Knell?

[Thyamine]

Isn't every one of these stories tagged as being the death knell for the RIAA? Don't get me wrong, I'm always glad to see the RIAA losing in these types of cases, but 'death knell for the RIAA' is getting to be 'Year for Linux on the Desktop'.

Re:Universities still need to police their network

[Skye16]

Isn't that what I'm did by paying the obscene "technology fee"? What ELSE is that 1224$ going toward?

Is it hookers? Hookers and blow? You can tell me the truth. I won't be half as mad if you tell me it's hookers and blow.

Re:Odd

[Jimmy+King]

You bring up something that I think about somewhat often.

On the one hand, the Internet is incredibly useful and provides so much information and entertainment which I believe everyone SHOULD be able to access. It would be a huge loss to society, imo, for people lose this.

On the other hand, computers are complex. Networks are a complex part of computers. Security is a yet more complex part of computer networks. These are things that people spend years learning about and are constantly learning more about, yet here we are encouraging average, untrained people to stick computers which they are basically system administrators for on the largest, most complex, and hardest to secure network in the world? How much sense does that make?

Re:Universities still need to police their network

[h4x354x0r]

I work at a U, and they charge the students, faculty, staff, departments, and everything else that has any money, an obscene amount of money for a network connection. Students ARE paying, and barely getting their money's worth, even when file sharing.

Slashdot Article #921431008 supporting piracy

[mumblestheclown]

This was, by my count, slashdot article #921431008 which slants positively for the "less power for rightsholders" side. I'm still waiting for slashdot article #1 where somebody presents a decent and fair plan that both acknowledges new technologies and the possibilities that they bring AND the rights of the rightsholders to be fairly compensated and to reasonably punish/recover from wrongdoers.

Of course, it would be so very socially awkward to point out that virtually all policies slashdot have supported so far amount to in effect a regressive wealth transfer from the poor to the wealthy, where the poor who are for whatever reason unable to use a p2p service and thus purchase CDs subsidize the entertainment of those who otherwise generally can afford it. Oh no. Pointing out such things is just not cool.

Re:Slashdot Article #921431008 supporting piracy

[mcgrew]

I'm still waiting for slashdot article #1 where somebody presents a decent and fair plan that both acknowledges new technologies and the possibilities that they bring AND the rights of the rightsholders to be fairly compensated and to reasonably punish/recover from wrongdoers.

Sorry bud, but it ain't gonna happen. The "rightsholders" are the labels - this is only one of many reforms that need to be made. The recording artists should own copyright; they should NOT be "works for hire".

Copyright lengths need to be brought back down to sane levels. I should NOT have to pay for a Jimi Hendrix download.

Copyrights need to be registered again. Automatic granting of copyright is madness.

Out of print works should not be covered by copyright.

it would be so very socially awkward to point out that virtually all policies slashdot have supported so far amount to in effect a regressive wealth transfer from the poor to the wealthy

I don't know where you got the idea that Sony-BMI executives (who actually own the copyrights) are poor and the downloaders are wealthy.

I suggest you read Lawrence Lessig's Free Culture. The following quote is abridged:

File sharers share different kinds of content. We can divide these different kinds into four types.

A. There are some who use sharing networks as substitutes for purchasing content.

B. There are some who use sharing networks to sample music before purchasing it.

C. There are many who use sharing networks to get access to copyrighted content that is no longer sold or that they would not have purchased because the transaction costs off the Net are too high. For content not sold, this is still technically a violation of copyright, though because the copyright owner is not selling the content anymore, the economic harm is zero--the same harm that occurs when I sell my collection of 1960s 45-rpm records to a local collector.

D. Finally, there are many who use sharing networks to get access to content that is not copyrighted or that the copyright owner wants to give away.

Whether on balance sharing is harmful depends importantly on how harmful type A sharing is.

While the numbers do suggest that sharing is harmful, how harmful is harder to reckon. It has long been the recording industry's practice to blame technology for any drop in sales. The history of cassette recording is a good example.

The fact is, the labels are on the wrong side of history. Independant (non-RIAA) artists have learned to use the internet to their advantage. The RIAA wants to use copyright law to kill the independant competetion, who use Lessig's "D" as a means of promotion.

It isn't about music lovers "stealing" music -- study after study shows that "pirates" spend more money on music than non-pirates. It's about squashing competetion. The RIAA has radio, the indies have P2P, so the RIAA wants to kill P2P.

Nobody outside the industry who understands the situation is on the RIAA's side.

Re:Slashdot Article #921431008 supporting piracy

[Tiberius_Fel]

If you have a solution that is a decent and fair plan that both acknowledges new technologies and the possibilities that they bring AND the rights of the rightholders to be fairly compensated and to reasonably punish/recover from wrongdoers, I for one would be interested in hearing it.

Here's the thing about copyright in the digital age. For software, music, videos, the marginal (per additional copy) cost is zero. Now, given that it takes no effort to copy it, and anybody can do it in his own home (or his parents' I suppose), how can you realistically stop that, without invading everyone's privacy? How can you even really know that they're doing it? Same thing with downloading it: the only way to know is to invade the privacy of the people by monitoring all their transfers. And even then, it's an imperfect system. How do you know what they have the right to down/upload? How do you deal with authorization? What about false positives? False negatives?

Also, your argument about how it's a regressive wealth transfer from the poor to the wealthy is a bit off-track. If the government(s) imposed a tax on everyone that was used to compensate artists for the creation, it will most likely be nowhere near as draconian as you make it seem. It's not like the government will charge a flat tax on everyone. Presumably, like other "progressive" taxes, it will be charged at a percentage, based on your ability to pay. Thus rich people will pay more and poor people will pay less. There will most likely be a group who pays nothing into this at all, like with income tax. Also, is it really a transfer to the wealthy? I know when you think of artists, you imagine the pop sensation of the day who has millions and millions of dollars, but there are still lots of "starving artists" out there.

You're making the issue too emotionally charged by using terms like "regressive wealth transfer from the poor to the wealthy", which a lot of people emotionally oppose. But it's not really like that.

Re:Universities still need to MANAGE their network

Please note the change I made to your thread title. A huge difference exists in the concept and implementation of policing vs managing a network.

Policing the network requires a mindset which assumes the students will do bad things and the administration is determined to catch and punish accused systems perpetrators.

Managing the network, as your example shows, is the proper implementation of policies and configurations which allow the University community to effectively perform their work.

Managing the network is more effective and provides a more collegial atmosphere.

In my CS Department, all the information which could be used by the RIAA to track student usage of systems is NOT logged. Attempts to obtain unauthorized access are logged; but not successful authorized access. [All you security types can take your immediate objections and stuff them in your policy orifice.]

Re:Don't get carried away

[Sun.Jedi]

If we're required to do blocking and monitoring, the BU defense won't hold, because we'll have the data.

I wonder what kind of ridiculous fine structure or penalties there will be for not logging what you monitor?

How about a well documented disk failure event on the file system containing all the logs? "Sorry, Your Honor, we logged everything, and then the disk failed."

Are we going to be legislated into complete backup strategies? I doubt it.

I think the Senate/Obama stance is that bad business models can be allowed to fail (See GM, Ford, Chryseler). It that holds true, the business model of the RIAA/Big 4, which was a sinking ship before Sep08, will certainly have some scrutiny before legislation. Couple that with overwhelming projections of a poor buying season, and I can't see how the RIAA has much of a leg to stand on here.

Re:Odd

[NewYorkCountryLawyer]

Why don't you get your facts straight?

It's libertarian

[Nerdposeur]

I think the problem here is poor definition of "left" vs. "right."

Ask a question pertaining to abortion, and most of the answers here are "anything goes," which sounds left-wing. Ask a question about the economy, and the answers are more "government isn't your sugar daddy," which sounds right-wing.

I think the most common /. viewpoint is best described as "libertarian," which can be summed up as "leave us alone and don't tell us what to do."

Re:It's libertarian

[NewYorkCountryLawyer]

I think the problem here is poor definition of "left" vs. "right." Ask a question pertaining to abortion, and most of the answers here are "anything goes," which sounds left-wing. Ask a question about the economy, and the answers are more "government isn't your sugar daddy," which sounds right-wing. I think the most common /. viewpoint is best described as "libertarian," which can be summed up as "leave us alone and don't tell us what to do."

I think any attempt to distill a prevailing political orientation on Slashdot is doomed to failure. There is, in truth, a great deal of diversity here.

The only common thread is that each of us is right.

Re:Odd

[RulerOf]

How do IPs not specify identity?

They just don't.

Sure, you can build a system with multiple paths of registration and logging and authentication, but a majority of those processes can be spoofed or socially engineered.

If you came up to me with a subpoena asking who had IP address 192.168.1.X on this day at this time, even if I still had the logs on my DHCP server, it would take a significant amount of forensics (IE, an audit of every laptop my friends or neighbors own) to determine who the culprit was.

Re:Chronicle of Higher Education

[NewYorkCountryLawyer]

Actually the correct permalink to the story is here. Sorry about that.