NY Judge Rules IP Addresses Insufficient To Identify Pirates
milbournosphere writes "New York Judge Gary Brown has found that IP addresses don't provide enough evidence to identify pirates, and wrote an extensive argument explaining his reasoning. A quote from the judge's order: 'While a decade ago, home wireless networks were nearly non-existent, 61% of U.S. homes now have wireless access. As a result, a single IP address usually supports multiple computer devices – which unlike traditional telephones can be operated simultaneously by different individuals. Different family members, or even visitors, could have performed the alleged downloads. Unless the wireless router has been appropriately secured (and in some cases, even if it has been secured), neighbors or passersby could access the Internet using the IP address assigned to a particular subscriber and download the plaintiff's film.' Perhaps this will help to stem the tide of frivolous mass lawsuits being brought by the RIAA and other rights-holders where IP addresses are the bulk of the 'evidence' suggested."
Does this ruling apply if someone downloads child porn, makes bomb threats, discusses with terrorists or other larger crimes? Just saying it should be consistent if pirates get a pass.
Some of them are teachable.
Non bene pro toto libertas venditur auro
Different family members, or even visitors, could have performed the alleged downloads.
Or your computer may be (probably is) compromised, and anyone on the planet could be doing it.
that it will stem the tide of frivolous mass lawsuits. My guess is they will just pick a different tactic. I suspect that we will see some court decisions and/or laws passed that will make the person paying for the service associated with the IP address responsible for all traffic that is sent or received.
Soon a law prosecuting unsecured network owners...
My IP address changes a few times a week depending on what AT&T is doing - I have a plain old DSL. I mean if someone who was pirating something on a particular IP logs off and my router bounces or re-logs in, I'll have the pirate's previous IP within seconds.
Don't know why it wasn't in the writeup. This ruling was in the federal court for New York's East District, which I think (IANAL) means it is precedent there (but not necessarily elsewhere in the country)
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
It's not unreasonable for a home (ie, non-commercial, not another ISP, etc) subscriber to a subscription service such as Internet to be accountable for the activities of other people who use the services in his home. As a parent, I'm held responsible for the activities of my children. I see no reason why I, as an ISP subscriber, should not be also accountable for what people do with a network connection that I pay for. If I don't trust someone to do things that I don't want them to, I shouldn't be letting them on my network.
And as for people who run unlocked wireless routers and let anybody in the neighborhood utilize their bandwidth, I have zero sympathy.
This comment will probably be misinterpreted as a troll, but it's not. I'm just a hard-ass who follows the rules and it just plain pisses me off that some other people figure they can ignore them just because their chance of being caught is infinitesimal.
File under 'M' for 'Manic ranting'
About time--and even if it's only applicable for NY, at least someone has it right and maybe other judges will read his writing.
I've always said English was my second language. Had Romeo and Juliet been written in C, I might have understood it.
If this ruling stands, I wonder if **AA will start pushing for IPv6. It'd be in their best interest to eliminate NAT to protect their new revenue stream of suing their consumers. Years of technical arguments never got traction, but maybe a Judge just kicked us over the hump.
Something or other about the ends not justifying the means.
1337
This simply means the blame will rest squarely on the subscriber. Whoever gets the bill. So if you live in your parents' basement, it's all good!
No.
They just choose a different venue with a more-compliant judge. Just as MPAA found a Congressman willing to be their new CEO.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
Thank you Judge Gary Brown
AccountKiller
And on my block there are hundreds of unsecured wireless routers, cellphones acting as hotspots, and laptops and iPads.
Even though I secure my wireless N router, anyone using Google warganging software from their streetview team could still slurp up all the IPs and then brute fake it on another device.
The judge is right.
-- Tigger warning: This post may contain tiggers! --
No shit, Sherlock.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
Since most IP addresses are owned by corporations, and only leased or rented by people, and since Corporations are not People, then obviously the thing to do is arrest the Corporation.
-- Tigger warning: This post may contain tiggers! --
So if a Chinese bot network rooted your connection, obviously we should arrest China.
Works for me!
-- Tigger warning: This post may contain tiggers! --
... like me, then another person could have surreptitiously broken into my house and just used the wired LAN. Farfetched? Sure, but I'm just putting it out there for any future defense that it *could* happen - damn "only want to steal my bandwidth" thieves.
It must have been something you assimilated. . . .
Stop trying to slurp my network from the coffee shop, homeless guy ...
-- Tigger warning: This post may contain tiggers! --
If a court actually rules on a case that they have jurisdiction over, then there is precedent. Doesn't mean other courts will always respect the precedent, but it is a precedent, it can be cited in cases throughout the country, and so on. It is case law.
What is not precedent is when there is a settlement. If the court doesn't actually rule, no precedent is created.
Would this mean, then, that fines would be applied against the homeowner or internet-service owner? After all, when they catch you speeding with photo-radar, they don't apply traffic tickets against the driver (they don't know for sure who the driver might be), but you still have to pay a fine and it's sent to the owner of the vehicle - something you can't get out of by simply going "Gee, I don't know who that driver might be, I guess I don't need to pay the ticket!"
The FBI does their homework. They don't try to take someone to court based on an IP address. They get more evidence, a whole lot more, because they have a higher standard to meet than civil court (beyond a reasonable doubt instead of preponderance of the evidence).
I haven't read the ruling but I very much doubt the judge said an IP address couldn't be used AT ALL, just that it alone is not grounds for "identification" and as such filing a lawsuit against a person. They'd need to do more work.
Hey, we can finally get IPv6 adopted everywhere now that the entertainment mafiaas will lobby for every system to have a unique address.
A lot of people still have WEP only routers. My parents are some of those people. They are not tech people, they bought a router back in the day when WEP was all you got. It still works so they won't get a new one.
They aren't the only ones either. While I don't see a whole lot of APs from my house, of the ones I do see two are WPA1, two are WEP, none (except mine) are WPA2.
And if we want to start to make it illegal to have bad security, well then we first need to start with door locks. Residential houses always have shitty locks. They are just regular ass locks from Home Depot that are vulnerable to bumping, ice picking, have no key control, and so on. You can get better locks no problem, they just cost a whole lot more so people don't bother.
However if you want to say "You have to buy a new router any time the old ones are found to have security issues, otherwise you are liable for any breakins," then I think you also have to say "You have to buy better locks, otherwise you are liable for any breakins."
This is a great argument. Unfortunately, once we are all moved to IPv6, and with help of IPv6 zealots who are against NAT privacy protection "on a principle" - each device behind home router will receive its very own unique IP (perhaps more than one, if temporary IPs are used, but certainly unique address). Once that is in place, the argument no longer holds and we are back to square one.
I certainly hope that Linux network stack crowd (because they are the ones whose product will be used, as is customary, in large chunk of wifi routers and other home network devices) will get something done before copyright holders wisen up, and poke Comcast/Cox cable/Verizon to roll out IPv6 to end users.
How about something more realistic: one of the numerous computers connected to your LAN might have been infected with malware, and a remote attacker used your connection to break the law. It has happened in the past:
http://www.itworld.com/security/84077/child-porn-malwares-ultimate-evil
Palm trees and 8
"which unlike traditional telephones can be operated simultaneously by different individuals"
Does anyone remember party lines? Several houses with the same line, and you had to listen to a specific ring.
“Common sense is not so common.” — Voltaire
So it's only insufficient because your wireless might be insecure? Does that mean that if they can prove that your particular setup was reasonably secure, then it _was_ your responsibility? So you should leave a spare wireless router open for plausible deniability?
[/sarcasm]
for people who run unlocked wireless routers and let anybody in the neighborhood utilize their bandwidth, I have zero sympathy.
Before showing contempt for those who run open wireless nodes, please read what Bruce Schneier writes about the courtesy of sharing network access.
I'm just a hard-ass who follows the rules
Perhaps you follow some set of rules that you picked up somewhere, but there is no compelling foundation in law or ethics for requiring restricted access on network nodes.
Mike O'Donnell http://people.cs.uchicago.edu/~odonnell/
to nominate Gary Brown to the Supreme Court!
From TFA:
the logic of “IP address = person” — which was once reasonably valid
That logic was never vaguely reasonable if the equation is taken to be a reliable identification for any legal purpose.
If someone comes into court with an IP number, one needs to know a whole lot about how that number was discovered in order to consider giving them any credibility in associating some misbehavior with a person who is supposedly associated with that number. Mere knowledge of my name, or my car's license plate number, or my US mail address, or even an envelope with my US mail address on it, doesn't associate me reliably with any particular behavior. I couldn't find any mention in TFA of the evidence that the IP numbers quoted in court were used by any particular person to violate any particular law. I haven't found such information in other articles on this topic, nor in some court documents that I read. There could be such evidence (with different required strengths for different sorts of legal actions), but it is not a simple thing and it needs a thorough explanation.
What sort of packet was collected with the allegedly offending IP number? Was that number the destination or the return address? Was the collection itself legitimate, or was it an illegal act of eavesdropping? What evidence (not necessarily strong evidence, maybe just prima facie) indicates that the IP number was written into that packet due to some illegal action by a person associated through an ISP with that number? Until I see some serious explanations of these points, I can't develop much sympathy for the demand that an ISP identify a customer, much less for an accusation against that customer.
Mike O'Donnell http://people.cs.uchicago.edu/~odonnell/
Apologies in advance: I can't resist a bit of silliness. In the famous monologue about Albert and the Lion (written by Marriott Edgar, most famous performance by Stan Holloway, who also portrayed Mr. Dolittle in My Fair Lady), a lion at the Blackpool zoo ate young Albert Ramsbottom. Mr. and Mrs. Ramsbottom went in front of the magistrate, "told 'im what happened to Albert, and proved it by showing his cap."
So we can go in front of a judge, claim that someone has violated a copyright, and prove it by showing his IP number?
Mike O'Donnell http://people.cs.uchicago.edu/~odonnell/
Fierce!
My Open Wireless Network
Finally a Judge with common sense, just blame the wireless hackers!
So we shouldn't secure our wireless routers after all?
While I agree with the Judge, it's not nearly going far enough. I used to work in a department that handled copyright infringement complaints for a large ISP. When the copyright owner makes a complaint, by law the ISP is required to take action. But there are multiple problems with the entire premise.
1. The complaint comes in via an unverifiable email. The ISP has no idea who really sent it. As any ISP knows, spoofing an email is about the simplest thing for a teenage hacker to perform.
2. Even if the ISP could verify the sender, they have no idea if the sender is really the content owner. In fact, the ISP has absolutely no way to find out who the content owner is. This is something, that by its very definition would need to be decided in a court of law.
3. The ISP has no idea if the person sending the email is telling the truth in the least. Even if they are telling the truth they have no idea how competent their methods are. All they have is an email that says they "saw" the user download some content they own. They could have made it up, they could have terrible methods for detection. I believe there was one case where a university student managed to get DMCA notices sent to several campus printers' IP addresses.
4. And most importantly, the ISP KNOWS most of the complaints are total BS. I personally saw at least 25% of the complaints that came in were against IP addresses that didn't have customers on them... or belonged to network devices we owned.
The entire premise that someone can connect to a torrent and then say that every IP address that their software tells them is connecting to that torrent is a pirate is asinine. There's a simple solution to your problem, media industry... stop price gouging. Work WITH and not against Netflix, Pandora, and the like. Make it easier to pay you than it is to pirate... and the pirate community will die. Humans follow the path of least resistance. It's illegal to run red lights, but people still do it all the time, because it's easier than stopping. How do they really stop people from red lights? Take them out and put in a roundabout.
Will this instead become cause for a nearly blanket search warrant? Seize *all* computer gear in the house to search for most any 'improperly copied' material.
It would if there was something like child porn or real terrorism going on.
---- Booth was a patriot ----
Recent anti-piracy law here in New Zealand holds the registered user of the ip address at the time of the 'infringement' liable/responsible.
This gets around the problem of drive-by users or the neighbor using my Wifi for nefarious purposes - I'm responsible for all traffic originating from the IP.
Not strictly fair, but that's the law.
I have written about this before but it's still important...
Not only can multiple persons in a household and/or devices share an IP in an authorized way (each family member may have one or more devices online and they all share the same IP)... and not only can a Wifi-connection be illegally accessed either because it's unsecured or because it was hacked... there are known actual cases where even more ways to illegally share someone else's IP can occur:
1) One of the known devices was compromised (like a computer with an active backdoor) - this is pretty common
2) A neighbor physically breaks in and connects himself to the household network in secret using a hidden network cable
3) A neighbor physically breaks in and installs his own wireless access point and hides it - no cables will lead to the thief if discovered
4) A neighbor physically breaks in and uses network-over-powerlines adapters to connect to the household network
I guess only the imagination limits the possibilities here. Only a thorough search would reveal some of these, so without such a search they cannot be ruled out, and most can be quickly removed without leaving a trace so unless the search is conducted right away, it's pretty useless.
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
This will apply pressure to get everyone a fixed IP (V6) address.
Maybe one of you TCPIP people can clarify this.
If I go to the post office, I can mail a letter and the letter can have any return address I want to put on it.
Now what about TCPIP. Anyone stopping you from sending packets?
And DHCP logs -- always up, always showing the expirations upfront and any changes. The DHCP server doesn't give an address unless the log is committed and pushed to disk. I thought the internet was a little more happy go lucky than that. But no?
Ever had problems with your phone bill?
All this logic and stuff in the article. Partial credit for effort?
Is Insightful different from Insiteful? Does insightful mean telling me something I don't know?
Leslie Satenstein Montreal Quebec Canada
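An added illustration, not written by any commenter above, of the points raised in the thread about addresses changing hands within seconds, complaints naming addresses with no customer on them, and DHCP logs: a sketch of matching a reported IP and timestamp against lease records. The lease table, subscriber labels and the five-minute clock tolerance are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

# Constructed lease records (documentation-range addresses, made-up subscribers):
# (ip, subscriber, lease_start, lease_end), all stored in UTC.
LEASES = [
    ("203.0.113.7", "subscriber-A",
     datetime(2012, 5, 1, 10, 0, 0, tzinfo=UTC), datetime(2012, 5, 1, 12, 0, 0, tzinfo=UTC)),
    ("203.0.113.7", "subscriber-B",
     datetime(2012, 5, 1, 12, 0, 40, tzinfo=UTC), datetime(2012, 5, 1, 18, 0, 0, tzinfo=UTC)),
    ("203.0.113.8", "subscriber-C",
     datetime(2012, 5, 1, 0, 0, 0, tzinfo=UTC), datetime(2012, 5, 2, 0, 0, 0, tzinfo=UTC)),
]


def attribute(ip, observed_at, leases=LEASES, skew=timedelta(minutes=5)):
    """Map (ip, timestamp) to the subscribers who could have held the address.

    Returns (verdict, holders) where verdict is:
      "unique"     - exactly one lease overlaps the tolerance window
      "ambiguous"  - the address changed hands inside the window
      "unassigned" - no lease covers the address at that time
    """
    # A timestamp with no zone could be off by hours; refuse to guess.
    if observed_at.tzinfo is None:
        raise ValueError("timestamp without a time zone cannot be matched")

    # The reporter's clock and the DHCP server's clock are not assumed to agree,
    # so every lease overlapping [t - skew, t + skew] is a candidate.
    lo, hi = observed_at - skew, observed_at + skew
    holders = []
    for lease_ip, subscriber, start, end in leases:
        if lease_ip == ip and start <= hi and end >= lo and subscriber not in holders:
            holders.append(subscriber)

    if not holders:
        return "unassigned", holders
    if len(holders) == 1:
        return "unique", holders
    return "ambiguous", holders


if __name__ == "__main__":
    eastern = timezone(timedelta(hours=-4))
    for ip, when in [
        ("203.0.113.7", datetime(2012, 5, 1, 11, 0, tzinfo=UTC)),
        ("203.0.113.7", datetime(2012, 5, 1, 8, 2, tzinfo=eastern)),  # 12:02 UTC
        ("203.0.113.9", datetime(2012, 5, 1, 11, 0, tzinfo=UTC)),
    ]:
        print(ip, when.isoformat(), attribute(ip, when))
```

Even a "unique" result only names the account that held the lease, not the person or device behind the router.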