Analysis of MediaSentry Wins Music-Download Suit

An anonymous reader writes "A Dartmouth professor's analysis of MediaSentry problems helped win a New Hampshire woman's RIAA music-download lawsuit. 'Since all of Plaintiffs' claims are based on the assumption that MediaSentry's software and computer configuration are trustworthy and free of errors, and this log clearly represents a failure of the MediaSentry software to perform the operation it claims to describe, the reliability and validity of the MediaSentry method should be questioned,' wrote professor Sergey Bratus in his report, dated May 30. 'In my opinion, these materials leave critical aspects of MediaSentry's evidence collection process undocumented. In my opinion, they express unwarranted assumptions regarding both software and network technologies involved, and attempt to create an illusion of evidence-supported certainty where it does not exist.'" The full report (PDF) is available online. It's worth noting that this victory was not the outcome of a court ruling; rather, a settlement was reached that did not require the defendant, Mavis Roy, to pay anything to the RIAA.

No computer, no crime!

[Geoffrey.landis]

Interesting, In this one, unlike the Misisippi case, apparently the person sued by the RIAA "said she didn't have a computer in the house at the time."

Whereas in the other case, the computer itself was not an issue.

Of course a settlement was reached

[RichMan]

Do you think the RIAA wants to get a Judge to rule on that evidence?

What would happen to the other cases/business model if media sentry's data collection was ruled not a secure chain of evidence path?

Cockroaches fear the light.

Me?

[arizwebfoot]

that did not require the defendant, Mavis Roy, to pay anything to the RIAA

Sometimes, life is good and all is right in the heavens.

Legalese shenanigans always a mess

[h00manist]

Well, so now either the RIAA starts arguments that it needs to gain access to the address where the IP is registered to search the computer before the case, or everyone starts arguing they never had a computer, or that they had an open wifi access point, or other legal hairsplitting on either side. I'm all for beating the riaa in court, but I'd prefer that it _somehow_ led to a debate of the copyright and patent laws themselves, like the Pirate Party winning a seat on the European Parliament, or a debate on proper amount of punitive damages the US law allows for, the RIAA reputation, etc. The Jammie Thomas-Rasset case is being pretty helpful.

Re:Legalese shenanigans always a mess

[the_humeister]

The Jammie Thomas-Rasset case is being pretty helpful.

It's helpful for everyone but Jammie Thomas-Rasset. Seriously, when you get a case brought upon you by the RIAA, you'd rather win and get on with your life rather than have to pay those bastards $1.9 million in installments until you die.

Re:Legalese shenanigans always a mess

[Runaway1956]

I tend to agree with you. But, it is necessary to destroy the credibility that RIAA enjoys in court, as well as arguing the more fundamental aspects of "fair use" and "First sale", and more. I read the PDF, and it thoroughly destroys Media Sentry as a "forensics" tool, or even as a data gathering tool. More, the paper demonstrates that the people using Media Sentry to gather data don't even understand the data they are gathering, nor how to verify that data. In short, it makes idiots of everyone at RIAA, starting with the talking suits who brag their software up, right down to the "technicians" who are busting people on the web. Credibility and/or the lack thereof, means an awful lot in any court. When was the last time a judge took your word over that of a cop? This is the problem we have right now. RIAA presents itself in court as a freind of the court, and as an enforcer. It's all entirely improper, of course, but they currently get away with it.

Fighting fire with dynamite

[TitusC3v5]

Is there any chance that MediaSentry's practices are a violation of some provision within the DMCA?

One thing to remember

[techno-vampire]

This is an out-of-court settlement, not a ruling by a judge. It doesn't set a precedent to be used in later cases. I'd almost bet money that as soon as the RIAA's landsharks found out what the professor's report said, they fell all over themselves offering a settlement to make sure it never came up in court. That means that they can continue to use the same type of "evidence" in other cases and hope the defendant caves.

Re:One thing to remember

[Xest]

It also means the word needs to be spread on this so that everyone can challenge the RIAA in the same way forcing them to either accept complete defeat or allow it to be tried in court and er, end up being forced into accepting defeat.

I've always wondered why this sort of defence hasn't been tested before. Effectively all MedaSentry are providing is a screenshot and/or text files showing that their IP was being used for downloading copyright material. Of course, generating such a screenshot in photoshop that is impossible to tell apart from an authentic screenshot is trivial, similarly any old joe can knock together a text file that suggests such and such an IP was downloading some data at a certain time.

Hell you don't even have to do that, you could create an offline network setup to mimic the IPs involved in the first place.

This is the problem I have with computer crime cases in general, and in fact, even computer forensics. Even if you confiscate a PC and do DNA analysis on the keyboard to see if person x is the guy who use this computer to commit crime y can you ever reall prove someone didn't just plug a different keyboard in the computer to commit the crime?

There's a need to catch criminals who use computers for sure, but I'm concerned in computer crime cases the level of evidence required is so rediculously weak, and so easily rigged or faked compared to normal crimes that if it continues I wouldn't be suprised if we end up with a plethora of wrongful convictions coming to light over the next few decades. Of course, companies like MediaSentry are only degrading the level of "evidence" that is apparently acceptable too - if we can't really, truly prove people guilty in many computer crime cases from forensic analysis when you have access to the physical machine what kind of joke is it if you're going on an IP address and nothing more?

I hope eventually as judges and politicians become more IT literate this trend reverses, if it doesn't then it's going to be a sad future for justice as the level of evidence becomes ever weaker yet the use of electronic devices and hence the amount of electronic crimes increases. We're going to end up with a lot of innocent people in jail.

RoyMNH0977 post

[Windrip]

Re: traceroute logs:

It is apparent from the log that the operation has failed for the MediaSentry software, as the log shows neither the addresses nor names of the intermediary hosts nor realistic timings of packet round-trips between them and the MediaSentry computer. The fact that this standard operation has failed suggests flaws, or "bugs", in either the MediaSentry software, or in its system or network congurations, or both.

Karma for the post of this log. That should provide a few minutes of fun. I can only image what Dr. Bratus thought when he saw it.

Finally!

[rahvin112]

The professor brings up the clear point I advocated in the first question to slashdot. There is no evidence whatsoever that Mediasentry had atomic calibrated clock information and the ISP did as well. All this evidence is based on a time stamp that could be anything, not to mention the role of Timezones. Without calibrated times at both the ISP and MediaSentry there is no validity to the evidence.