Slashdot Mirror
NY Judge Rules IP Addresses Insufficient To Identify Pirates
milbournosphere writes "New York Judge Gary Brown has found that IP addresses don't provide enough evidence to identify pirates, and wrote an extensive argument explaining his reasoning. A quote from the judge's order: 'While a decade ago, home wireless networks were nearly non-existent, 61% of U.S. homes now have wireless access. As a result, a single IP address usually supports multiple computer devices – which unlike traditional telephones can be operated simultaneously by different individuals. Different family members, or even visitors, could have performed the alleged downloads. Unless the wireless router has been appropriately secured (and in some cases, even if it has been secured), neighbors or passersby could access the Internet using the IP address assigned to a particular subscriber and download the plaintiff's film.' Perhaps this will help to stem the tide of frivolous mass lawsuits being brought by the RIAA and other rights-holders where IP addresses are the bulk of the 'evidence' suggested."
Does this ruling apply if someone downloads child porn, makes bomb threats, discusses with terrorists or other larger crimes? Just saying it should be consistent if pirates get a pass.
Some of them are teachable.
Non bene pro toto libertas venditur auro
Different family members, or even visitors, could have performed the alleged downloads.
Or your computer may be (probably is) compromised, and anyone on the planet could be doing it.
that it will stem the tied of frivolus mass lawsuits. My guess is they will just pick a different tactic. I suspect that we will see some court decisions and or laws past that will make the person paying for the service assocated with the IP address responsible for all traffic that is sent or received.
Don't know why it wasn't in the writeup. This ruling was in the federal court for New York's East District, which I think (IANAL) means it is precedent there (but not necessarily elsewhere in the country)
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
About time--and even if its only applicable for NY, at least someone has it right and maybe other judges will read his writing.
I've always said English was my second language. Had Romeo and Juliet been written in C, I might have understood it.
Right, because we should expect 100% of the US population to understand network security and know how to properly secure a wifi router. Makes perfect sense!
There's no -1 for "I don't get it."
If this ruling stands, I wonder if **AA will start pushing for IPv6. It'd be their best interest to eliminate NAT to protect their new revenue stream of suing their consumers. Years of technical arguments never got traction, but maybe a Judge just kicked us over the hump.
Something or other about the ends not justifying the means.
1337
No.
They just choose a different venue with a more-compliant judge. Just as MPAA found a Congressman willing to be their new CEO.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
Thank you Judge Gary Brown
AccountKiller
If someone steals your car and crashes it into a bus full of children you're not criminally liable. You're unlikely to be found liable in a civil court for wrongful death, depending on jury.
If you lend someone your car and they crash it into a bus full of children then you're not criminally liable unless you are found to have known that it was likely the crash would occur. Say, if your friend were drunk or didn't have a license at the time. I think you're still unlikely to be found liable for wrongful death, again unless you could have known it was likely to occur, but that would be much more jury-dependent, I think.
So yeah, I don't think you should be liable unless you knew nefarious happenings were going on with your internet for people that are not your legal minor dependents.
Right, because we should expect 100% of the US population to understand network security and know how to properly secure a wifi router. Makes perfect sense!
Also, this.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
Because there's an incredible technical burden on a layperson to expect him/her to maintain full stewardship over their internet connection. What if someone roots their computer, or cracks the encryption on their router? Do you expect them to watch WireShark 24 hours a day to make sure all of the packets are legitimate? I could give a shit if you follow the rules (and you should too), because someone could ruin your life despite your good intentions (e.g. accessing your internet connection in a way you weren't expecting, and downloading kiddie porn) and your life is over despite your good intentions.
>>> home subscriber... to be accountable for the activities of other people who use the services in his home
Agreed.
And while we're at it, if a visitor knifes another visitor while in your home, YOU should be held responsible for assault because it's your house and kitchen knife. You get the 10 years in jail while the killer walks free. (No wait... I think I find a flaw in your "I am responsible for all activies in my house" logic.)
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
And on my block there are hundreds of unsecured wireless routers, cellphones acting as hotspots, and laptops and iPads.
Even though I secure my wireless N router, anyone using Google warganging software from their streetview team could still slurp up all the IPs and then brute fake it on another device.
The judge is right.
-- Tigger warning: This post may contain tiggers! --
Right, because we should expect 100% of the US population to understand network security and know how to properly secure a wifi router. Makes perfect sense!
Exactly, and i will take it one step further. What if they do thier best to secure their device but it only allows the use of protocols with know security issues. Think WEP when that was about all there was for a home user. Hell my parents got a new cable modem/router/access point from their ISP and the thing only supprted WEP. That was last year! I also think people should be able to share their wifi with whoever they want and not have to worry about being held responsible for what someone else does with it.
It's not unreasonable for a home (ie, non-commercial, not another ISP, etc) subscriber to a subscription service such as Internet to be accountable for the activities of other people who use the services in his home. As a parent, I'm held responsible for the activities of my children. I see no reason why I, as an ISP subscriber, should not be also accountable for what people do with a network connection that I pay for. If I don't trust someone to do things that I don't want them to, I shouldn't be letting them on my network.
It's not unreasonable to say that since you signed the contract with the ISP, you are responsible to the ISP for the use of that service. If you are allowed 10 GB of downloads plus extra data at $10 per GB, and I download 100 GB at your home, then the ISP can come to you for the money. You may then sue me to recover the money.
However, if the service is used for copyright infringement or more serious crimes, that has nothing to do with the contract between you and the ISP. If you had quit the contract but the ISP hadn't turned off the service yet by mistake, the same crime would have happened. As far as you are responsible for your children because you are the parent, surely you would be responsible if they downloaded stuff at my home and not at yours.
Not flaming here. However, how can you be sure that your visitor using his own device is not doing something illegal? The answer is that you can't know, especially if you, like the vast majority, are not a computer expert. It's too easy to hide a process that is sitting around cracking passwords or downloading movies.
And that doesn't even take into account the fact that even a reasonably secured access point is crackable in a reasonable time frame, mac addresses are generally trivially spoofable, and so on. Thus, because wireless is easilly accessed compared to hard-wired networks, it is a reasonable argument that even a consciencious home network operator may not be aware of the infringing activity which may not even be happening on his property where he can see it.
And finally, the insanely stupid argument: are you going to hold the homeowner responsible for a burglar using his network to download illegal files? After all, a burglar is clearly not authorized by the homeowner but he will also appear to come from the IP address. Thus it is reasonable that the person alleging wrongdoing should have something other than an IP address.
If it works in theory, try something else in practice.
It takes about 60 seconds to teach somebody to secure their wireless router. The only remotely time consuming part is getting them to believe that it's actually a smart idea. Generally, the analogy of leaving one's house with their front door unlocked tends to convey the right amount of concern that most people are willing to do it... particularly when it is so easy to do.
File under 'M' for 'Manic ranting'
No shit, Sherlock.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
Since most IP addresses are owned by corporations, and only leased or rented by people, and since Corporations are not People, then obviously the thing to do is arrest the Corporation.
-- Tigger warning: This post may contain tiggers! --
It's a fair point.
But you do realize that your opinion puts you personally on the hook for $150k per song fines if someone else uses your IP address.
The judge is basically saying, "IP address is not a finger print, not a unique identifier".
I don't follow the rules as much as I used to, because the rules are no longer as fair and reasonable as they were 30 years ago. You may have heard that the average citizen commits 3 felonies a day now without being aware of it.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
By the same logic, you would say that your ISP is accountable for the actions of those who use their service. A ridiculous notion.
So if a Chinese bot network rooted your connection, obviously we should arrest China.
Works for me!
-- Tigger warning: This post may contain tiggers! --
No it doesn't.
Actually, yes. Between the buttons you can press to do it automatically, the instructions in the box that make it dead easy, the fact that you usually have to do it to even get it to work at all, and the fact that millions of people around the country would be happy to do it for a few bucks, I think it's reasonable.
It's a bog-simple procedure with potential consequences for not completing. We expect people to do their taxes, and this is substantially easier, quicker, and cheaper than that. In any case it's not a requirement, just highly recommended to prevent your ass from being burned by someone else. Even if this guy didn't download the porn, he spent a lot of his time in a federal court.
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
... like me, then another person could have surreptitiously broken into my house and just used the wired LAN. Farfetched? Sure, but I'm just putting it out there for any future defense that it *could* happen - damn "only want to steal my bandwidth" thieves.
It must have been something you assimilated. . . .
And as for people who run unlocked wireless routers and let anybody in the neighborhood utilize their bandwidth, I have zero sympathy.
I think the grey area is in the unlocked wireless routers. These are often/usually provided pre-configured by the ISP, and the user might not ever change the settings. The ISP's are securing them (at least Verizon FIOS does in my area) but an average user that adds their own wireless access point may not know all the ins and outs of configuration. I applaud the judges ruling as it does require a bit more investigation before allowing lawsuits that are IMHO frivolous and intended to annoy and intimidate rather than actually protect artists.
"We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
Stop trying to slurp my network from the coffee shop, homeless guy ...
-- Tigger warning: This post may contain tiggers! --
If I don't trust someone to do things that I don't want them to, I shouldn't be letting them on my network.
If ISPs did this, no one would have interest. If an ISP was fined for every time someone else transferred bomb threats, child porn, or copyrighted material; they would go out of business by the next day. You are forgetting the only real different between the Internet and a home network is scale.
It's not unreasonable for a home (ie, non-commercial, not another ISP, etc) subscriber to a subscription service such as Internet to be accountable for the activities of other people who use the services in his home. As a parent, I'm held responsible for the activities of my children. I see no reason why I, as an ISP subscriber, should not be also accountable for what people do with a network connection that I pay for. If I don't trust someone to do things that I don't want them to, I shouldn't be letting them on my network.
And as for people who run unlocked wireless routers and let anybody in the neighborhood utilize their bandwidth, I have zero sympathy.
This comment will probably be misinterpreted as as a troll, but it's not. I'm just a hard-ass who follows the rules and it just plain pisses me off that some other people figure they can ignore them just because their chance of being caught is infinitesimal.
Firstly if we are talking about visitors to your home, any adults should be responsible for their own behavior and if there are children involved then THEIR parents should be responsible. Furthermore, how do you know malware on your visiting uncle Bob's laptop didn't do it (and yes this could still happen even if Bob had taken reasonable precautions against it)? The point is that in this situation all of this would end up on your doorstep, it would be like being held responsible for something a care thief did with your stolen car.
If a court actually rules on a case that they have jurisdiction over, then there is precedent. Doesn't mean other courts will always respect the precedent, but it is a precedent, it can be cited in cases throughout the country, and so on. It is case law.
What is not precedent is when there is a settlement. If the court doesn't actually rule, no precedent is created.
Would this mean, then, that fines would be applied against the homeowner or internet-service owner? Afterall, when they catch you speeding with photo-radar, they don't apply traffic tickets against the driver (they don't know for sure who the driver might be), but you still have to pay a fine and it's sent to the owner of the vehicle - something you can't get out of by simply going "Gee, I don't know who that driver might be, I guess I don't need to pay the ticket!"
It takes about 60 seconds to teach somebody to secure their wireless router. The only remotely time consuming part is getting them to believe that it's actually a smart idea.
I think you've got those backwards.
OK, listen, if you leave this unlocked then anyone who finds it can download anything. They can download child porn, illegal movies, terrorist documents, whatever, and it's all linked to you.
Well that sounds bad, better lock it up.
Right. OK, so the first thing you do is open your browser and go to one nine two dot one six ...
Wait, what's a browser?
Just double-click on the blue "E".
Got it. OK, I type in one nine two ...
Wait, not in the Bing search bar, you type it into the address field.
What's the address field?
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
The FBI does their homework. They don't try to take someone to court based on an IP address. They get more evidence, a whole lot more, because they have a higher standard to meet than civil court (beyond a reasonable doubt instead of preponderance of the evidence).
I haven't read the ruling but I very much doubt the judge said an IP address couldn't be used AT ALL, just that it alone is not grounds for "identification" and as such filing a lawsuit against a person. They'd need to do more work.
Your assigned IP's are logged for something like 6 months-2 years. Mistakes can be made, but most of the time, they shouldn't "accidentally" pick you.
If your arguments are true, then if your car is caught on photo-radar speeding, can you use the "maybe someone borrowed my car, but I'm not quite sure who it might be" defense to avoid paying the traffic fine?
Hey, we can finally get IPv6 adopted everywhere now that the entertainment mafiaas will lobby for every system to have a unique address.
A lot of people still have WEP only routers. My parents are some of those people. They are not tech people, they bought a router back in the day when WEP was all you got. It still works so they won't get a new one.
They aren't the only ones either. While I don't see a whole lot of APs from my house, of the ones I do see two are WPA1, two are WEP, none (except mine) are WPA2.
And if we want to start to make it illegal to have bad security, well then we first need to start with door locks. Residential houses always have shitty locks. They are just regular ass locks from Home Depot that are vulnerable to bumping, ice picking, have no key control, and so on. You can get better locks no problem, they just cost a whole lot more so people don't bother.
However if you want to say "You have to buy a new router any time the old ones are found to have security issues, otherwise you are liable for any breakins," then I think you also have ot say "You have to buy better locks, otherwise you are liable for any breakins."
This is how you sound to the average Joe.
"I see no reason why I, as a passenger, should not know how to build a 747 from scratch."
I see no reason why I, as an ISP subscriber, should not be also accountable for what people do with a network connection that I pay for.
Here is a relevant anecdote that a friend of mine in the security research community gave me: the police were investigating a child pornography case, and the determined the address of the person paying for an Internet connection that had come up during that investigation. When the police showed up, a pair of old ladies who were barely able to operate their computer were living there; they did not fit the profile for that crime, and there was no evidence of child pornography in their home.
Down the block, someone had a high-gain antenna mounted on his roof, pointed at the house where the police were.
The reason you do not want to be responsible for what happens over your Internet connection is that there is no guarantee that you are its only user. You think putting a passphrase on your wireless network is enough to protect you? You or a relative might accidentally install some malware; a guest with malware on his laptop might stay overnight; there might be a vulnerability in WPA; your router might be hacked; someone you trust might just do something stupid; etc., etc., etc. There are a lot of ways that your Internet connection could be used by someone else.
I'm just a hard-ass who follows the rules
Are you sure you have not broken any laws over the past 12 months? Why not take a look through some law books and double check that for us...
Palm trees and 8
This is a great argument. Unfortunately, once we are all moved to IPv6, and with help of IPv6 zealots who are against NAT privacy protection "on a principle" - each device behind home router will receive its very own unique IP (perhaps more than one, if temporary IPs are used, but certainly unique address). Once that is in place, the argument no longer holds and we are back to square one.
I certainly hope that Linux network stack crowd (because they are the ones whose product will be used, as is customary, in large chunk of wifi routers and other home network devices) will get something done before copyright holders wisen up, and poke Comcast/Cox cable/Verizon to roll out IPv6 to end users.
Actually, when they tried to install some red-light cameras near me that automatically sends tickets to people who run red lights, the courts ruled that nobody was obligated to pay those tickets -- a police officer needs to hand the ticket to the driver of the vehicle, who may not be the owner. It is absurd to claim that a license plate identifies a person, just like it is absurd to claim that an IP address does so.
Palm trees and 8
If they can't prove that it was you in the car, then yes. I've always thought that it's ridiculous that you're basically punished before you even see a judge. The cop should have to provide actual evidence before being able to dish out punishment (although they'd need to stop you to get your name to begin with).
And as for people who run unlocked wireless routers and let anybody in the neighborhood utilize their bandwidth, I have zero sympathy.
I'm glad to hear you say that! When I let myself into your home while you are at work, you just accepted all the blame for anything and everything I do!
After all, people who can't properly secure their front door or windows such as yourself, we have zero sympathy for."
Perhaps you should fix that problem and install a 6" 40 bolt security door, and cement all your fragile shaterable glass windows up. Such lax security on your part would require you to turn yourself in to the police after I let myself in, take all your unsecured stuff, and use your unsecured telephone to call in a hostage situation.
Most people would simply blame ME for the crime I committed, but not hard asses like us, right?
How about something more realistic: one of the numerous computers connected to your LAN might have been infected with malware, and a remote attacker used your connection to break the law. It has happened in the past:
http://www.itworld.com/security/84077/child-porn-malwares-ultimate-evil
Palm trees and 8
We expect them to be able to operate a motor vehicle safely and keep it in good repair
Because if they don't someone could get killed; who's going to die if my grandpa doesn't set up a WEP key?
compute their taxes,
Because someone has to pay for the government to operate. For the record, there's no law that says you have to "compute [your] taxes" - you are more than welcome to send the IRS a check for however much you like. Just know if the amount you send isn't sufficient, you will be held accountable.
maintain their home
Again, because if you don't someone could get killed.
keep themselves and their family and pets in good health
Uh, yea, obviously not a law; as an example, this one is absolutely stupid.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
Yup.
Which is why I don't let my kids friends connect to my wifi, even when they ask nicely. I have no problem if they want to use the family computer, however.
Like I said... I'm a hard-ass.
That said... I'll agree that an IP address is not a fingerprint... but it does identify the home subscriber, and I really don't see a problem with subscribers to services being held responsible for how those services are used by people who they gave permission to. As for people who didn't have permission, that would constitute unauthorized computer access, and is also a criminal offense. One would be remiss to not file a police report upon discovery, and cooperate with the police to discover the perpetrator. To not do this, in fact, would be indication of implied consent of the activity, and therefore you'd be held responsible again.
File under 'M' for 'Manic ranting'
"which unlike traditional telephones can be operated simultaneously by different individuals"
Does anyone remember party lines. several houses with the same line, and you had to listen to a specific ring.
“Common sense is not so common.” — Voltaire
Whether "scale" is the only difference between them doesn't change the fact that anybody with an iota of sense can tell the difference between them.
File under 'M' for 'Manic ranting'
So its only insufficient because your wireless might be insecure? Does that mean that if they can prove that your particular setup was reasonably secure, then it _was_ your responsibility? So you should leave a spare wireless router open for plausible deniability?
[/sarcasm]
for people who run unlocked wireless routers and let anybody in the neighborhood utilize their bandwidth, I have zero sympathy.
Before showing contempt for those who run open wireless nodes, please read what Bruce Schneier writes about the courtesy of sharing network access.
I'm just a hard-ass who follows the rules
Perhaps you follow some set of rules that you picked up somewhere, but there is no compelling foundation in law or ethics for requiring restricted access on network nodes.
Mike O'Donnell http://people.cs.uchicago.edu/~odonnell/
First of all, I don't typically allow visitors to connect to my wifi just because they are in my home. They are welcome to use the family desktop computer, however.
Second, it "ending on my doorstep" as it were, would only be an issue if I were giving permission to people to do stuff that they shouldn't be anyways. I don't... so it won't. If somebody hacks into my network without my consent (which I don't consider a very plausible scenario, but I address it for sake of completeness), I will file a police report of unauthorized computer network use as soon as the use is discovered, and cooperate with the police to find the perpetrator, providing whatever logs or evidence they might require.
File under 'M' for 'Manic ranting'
It is the similarities are that important here. Why should someone who sells network access to a lot of people have less responsibility than those who give it away to a few. If I believed that either party was responsible, I would argue the reverse! People should only be responsible for their kids' actions and there own actions. Not someone else's.
As for people who didn't have permission, that would constitute unauthorized computer access, and is also a criminal offense.
True. But it would never come to that, since the law is a lazy evaluation system and bails out after finding the first perpetrator and the the first offense: the subscriber, and whatever heinous thing the subscriber is accused of. In that case, "someone else did it" becomes just an ineffective defense, and the prosecution gets what it wants anyway: a conviction.
Justice? That's not the point, amiright? Sure, I'm right.
One would be remiss to not file a police report upon discovery, and cooperate with the police to discover the perpetrator. To not do this, in fact, would be indication of implied consent of the activity, and therefore you'd be held responsible again.
Exactly.
Let me guess. You sell network security tools or intrusion detection systems, right? "The only way you're gonna avoid getting busted for whatever happens from your IP address is if you watch your network obsessively... and my $PRODUCT will do that for you."
And of course, no one has ever been accused of and publicly pilloried for a crime they didn't commit, but reported to proper authority. Reporting a criminal event on your own property, committed with your own resources, is tantamount to turning yourself in and confessing to the crime. Thanks for playing.
Welcome to the Panopticon. Used to be a prison, now it's your home.
From TFA:
the logic of “IP address = person” — which was once reasonably valid
That logic was never vaguely reasonable if the equation is taken to be a reliable identification for any legal purpose.
If someone comes into court with an IP number, one needs to know a whole lot about how that number was discovered in order to consider giving them any credibility in associating some misbehavior with a person who is supposedly associated with that number. Mere knowledge of my name, or my car's license plate number, or my US mail address, or even an envelope with my US mail address on it, doesn't associate me reliably with any particular behavior. I couldn't find any mention in TFA of the evidence that the IP numbers quoted in court were used by any particular person to violate any particular law. I haven't found such information in other articles on this topic, nor in some court documents that I read. There could be such evidence (with different required strengths for different sorts of legal actions), but it is not a simple thing and it needs a thorough explanation.
What sort of packet was collected with the allegedly offending IP number? Was that number the destination or the return address? Was the collection itself legitimate, or was it an illegal act of eavesdropping? What evidence (not neccessarily strong evidence, maybe just prima facie) indicates that the IP number was written into that packet due to some illegal action by a person associated through an ISP with that number? Until I see some serious explanations of these points, I can't develop much sympathy for the demand that an ISP identify a customer, much less for an accusation against that customer.
Mike O'Donnell http://people.cs.uchicago.edu/~odonnell/
bypass the idiot suggestion of "opening a browser".
Click the start button and type http://192.168.0.1/ ..... or whatever (may need to select "run" on XP)
In the future don't do tech support. You're not qualified to even support your mom(grandma).
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Apologies in advance: I can't resist a bit of silliness. In the famous monologue about Albert and the Lion (written by Marriott Edgar, most famous performance by Stan Holloway, who also portrayed Mr. Dolittle in My Fair Lady), a lion at the Blackpool zoo ate young Albert Ramsbottom. Mr. and Mrs. Ramsbottom went in front of the magistrate, "told 'im what happened to Albert, and proved it by showing his cap."
So we can go in front of a judge, claim that someone has violated a copyright, and prove it by showing his IP number?
Mike O'Donnell http://people.cs.uchicago.edu/~odonnell/
If you are going to suggest that inadvertently allowing one's speed to drive only a few kph over the posted limit on a highway or main thoroughfair for a minute or two is against the law, then yes I have. Anybody who claims they haven't is, I would expect, a liar (or simply does not drive).
For what it's worth, however, I don't deliberately speed. Ever. And when I do realize that my speed has drifted above the limit, I will ease up on the gas to bring my speed in line with the regulation.
File under 'M' for 'Manic ranting'
Even if one configures their wireless router to use the latest, most recommended security protocols, their security is still not proven. Guaranteeing that a cryptosystem is secure (for almost any sane formal definition of the word secure you may pick) is probably not a decidable problem, or is very far from our reach. The problem becomes tremendously more difficult if you also consider possible implementation flaws (hardware and software). In such a context, couldn't one simply claim that "just because there's no publicly-known weakness in WPA2 or its implementation, this does not imply that no-one in the world is aware of such a weakness and is capable of exploiting it". At this point, I assume some slashdotter with come up with analogy to the above like the following: "just because my house has a lock with no known flaws and some-one has been murdered in my living-room, it doesn't mean it was not me. It could simply have been someone who knows to break my so-called perfect lock, bringing a corpse into my house and then leaving."
If somebody steals my car, that's a criminal offense right there.
If somebody breaks into my computer network without my authorization, that's also against the law right there. Full stop.
No... obviously I should not be responsible for what somebody else does with my property if they have broken the law to get to the point of using it in the first place. But I'd file a police report (bearing in mind that it is criminal to file a false one), and be cooperating with the police to whatever extent they requested to discover who it was, if it was possible.
If I lend somebody my car... I'm taking a calculated risk that they aren't going to do something really stupid with it that they aren't likely going to be held accountable for. If I don't trust them to not do something that stupid, I won't lend them my car. Simple. Ditto for access to my wifi.
File under 'M' for 'Manic ranting'
from your link:
How on earth did anyone think the 4 digit confirmation was a good idea?!?!? Wow.
I run an open access point, sharing my connection with a few neighbors who donate a few bucks a month rather than sign up for an expensive connection they don't need for more than checking email. I'm planning to open an unencrypted access point, bandwidth limited to 2600baud just for s&g. Why? Because I live in a college town filled with geeks. If one of them wants in, they'll find a way. Safer for me to keep something open and let them know they are being toyed with; besides the challenge of keeping the wifi and wired networks separate is fun.
I broke the WEP encryption on my parent's wifi when I first set it up for them. It was all that was available at the time, and using some linux tools I was able to take a computer with no knowledge of the network and first sniff it out and then bash my way in. MAC authintication is worthless, since I had a nice old pcmcia card that used a software set-able MAC address. WPA and WPA2 are vulnerable to deauthentication attacks; unless you spend some time setting up a RADIUS server.
So, since you have no sympathy for the unsecured wifi network users, you must maintain a RADIUS server, right? If not, would you might giving me a rough idea of where your wireless devices are, so I can prove just how unsecured they are?
It's cute the way you just assumed the thing was turned on/plugged in in the first place. From what friends in tech support have told me, that's hardly a given.
All your arguments are predicated on some shaky assumptions, rather than downmodding you, I'll comment.
You keep harping on unauthorized access, to wit, how would you know? Likely you would not know until you've gotten a police visit or a subpoena.
If I am going to leach your bandwidth I'm going to do two things:
Profile your usage, clone your MAC address.
you look at your router and all you see is your machine connecting.
I'm not connecting when you are likely to be using your system. You're at work or asleep when my cron job fires off to clone your MAC and connect to your AP, fires up BT and downloads a crapload of movies.
Taking this further, if I wanted to frame you up for something I would try to connect to another machine in your network and breech it, once I've mounted your filesystem I place a weekly encrypted* container file full of whatever I think is illegal, but believable in some obscure dir on your computer, downloaded from your IP.
Lets say I'm mobile and this is a "drive by" attack to Tx/Rx some sensitive and illegal data (perhaps the latest target for a suicide bombing in the US? Perhaps CP?). I breech your security (what is it, 30 seconds to break WEP, 6 min to break WPA?) and do whatever it is I was going to do. I can do the breech in a short enough amount of time to not arouse suspicion, and the actual downloads can be pre-canned scripts that run while the machine is tucked under the seat of the car. Meanwhile I go for a walk at the nearby park. In this case by the time you see an unauthorized MAC I'm gone, and you can't ID me.
The point is, even without direct malice you can be in a bad place really quick; a place where guilt appears to be presumed and innocence must be proven.
-nB
*say a compatible mode zip file with a dictionary word password?
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
Using that logic, all ISPs would be responsible for the actions of their users.
If they didn't have billions of dollars and in-house legal teams at their disposal, I have no doubt that they would be...
The MAFIAA argued that Limewire owed them more money than the GDP of every country in the world combined. There is no doubt in my mind that they would sue every manufacturer of consumer level networking equipment and even the makers of basic ethernet cables for "facilitating piracy" if they thought they could get away with it and come out even one dollar ahead for their troubles. They shake down grandmothers for fuck's sake, even after death.
But I'd file a police report (bearing in mind that it is criminal to file a false one), and be cooperating with the police to whatever extent they requested to discover who it was, if it was possible.
I'm betting most people aren't even aware they've got someone leeching on their wifi until they get a notice like this in the first place, and even if they were, how do you prove they knew?
While my mother was in town for Christmas last year, I drove her around to photograph the Christmas lights around one of the nicer neighborhoods here in town, and out of curiosity I turned on the wifi scanner on my phone... at least 20% of the wireless networks I was able to pick up were wide open. These were high-6, low 7-figure homes...
It's ridiculous how often you find unsecured networks in this day and age.
It is not just a matter of traffic violations; the legal system in America is so massively complex that it is hard to say who, if anyone, is actually innocent. You might have dug a hole on your property illegally (e.g. while gardening). You might have imported some seeds without filling out the requisite paperwork. You might have disposed of household chemicals or hazardous products in an illegal fashion. Maybe your wireless network is illegal -- did you double check the antenna gain and transmitter power (believe it or not, I have seen people who unknowingly run illegal wifi stations -- 1W with a 9dBi antenna)? Maybe your house is not up to electrical codes -- are you sure that old antennas and satellite dishes are properly grounded? Are you sure you never downloaded software from another country that violates patents in this country? Depending on your age, location, and sexual partners, you may have broken any number of laws prohibiting various sex acts, many of which were still in effect until recently.
There are also laws that were passed for reasons long forgotten, especially state and local laws. In several states, it is illegal to have an ice cream cone in your back pocket (I will be impressed if this is one that you broke); it sounds insane today, but at one time this was a way to steal horses. Can you honestly say that you have never broken some bizarre, antiquated law that nobody could be expected to be aware of?
The problem with laws is that they almost never expire. The legal system only ever expands, as new laws are passed to address today's concerns while old laws remain on the books indefinitely.
Palm trees and 8
How would you clone one of my mac addresses without having access to my devices? How would you profile my usage without having access to my network in the first place, unless you work for my ISP (who doesn't know my devices' mac addresses either, since they are all behind a hard wired router, whose mac address my ISP could know)? How would you even know the name of my access point? How would you know what encryption to utilize? How would you crack the password?
Granted... I'm prepared to admit that the level of security I have is probably somewhat beyond the sixty or so seconds that it takes to teach somebody's grandmother to secure their wireless router (I've done this, by the way... and it barely took a minute), but it's still not really that hard to learn for anybody who values their privacy.
File under 'M' for 'Manic ranting'
I believe the isp keeps ip and mac address in their logs along with a time stamp. The question is, is it the mac address of your machine or the mac address of your router, or both.
I never said I am responsible for all activities in my house.... I said I am responsible for the activities of people who, with my permission, use the services that I have within in my house.
If they do so without permission, then they are breaking another law already anyways.
File under 'M' for 'Manic ranting'
Finally a Judge with common sense, just blame the wireless hackers!
Wow, I guess my friends who spent years becoming certified in various network specialties were just doing their duties as citizens. Who knew?
There's no -1 for "I don't get it."
So we shouldn't secure our wireless routers after all?
While agree with the Judge, it's not nearly going far enough. I used to work in a department that handled copyright infringement complaints for a large ISP. When the copyright owner makes a complaint, by law the ISP is required to take action. But there are multiple problems with the entire premise.
1. The complaint comes in via an unverifiable email. The ISP has no idea who really sent it. As any ISP knows, spoofing an email is about the simplest thing for a teenage hacker to perform.
2. Even if the ISP could verify the sender, they have no idea if the sender is really the content owner. In fact, the ISP has absolutely no way to find out who the content owner is. This is something, that by its very definition would need to be decided in a court of law.
3. The ISP has no idea if the person sending the email is telling the truth in the least. Even if they are telling the truth they have no idea how competent their methods are. All they have is an email that says they "saw" the user download some content they own. They could have made it up, they could have terrible methods for detection. I believe there was one case where a university student managed to get DMCA notices sent to several campus printers IP addresses.
4. And most importantly, the ISP KNOWS most of the complaints are total BS. I personally saw at least 25% of the complaints that came in were against IP addresses that didn't have customers on them... or belonged to network devices we owned.
The entire premise that someone can connect to a torrent and then say that every IP address that their software tells them is connecting to that torrent is a pirate is asinine. There's a simple solution to your problem media industry... stop price gouging. Work WITH and not against netflix, pandora, and the like. Make it easier to pay you than it is to pirate... and the pirate community will die. Humans follow the path of least resistance. It's illegal to run red lights, but people still do it all the time, because it's easier than stopping. How do they really stop people from red lights? Take them out and put in a round-a-bout.
Will this instead become cause for a nearly blanket search warrant? Seize *all* computer gear in the house to search for most any 'improperly copied' material.
It would if there was something like child porn or real terrorism going on.
---- Booth was a patriot ----
No, you are not a troll, but someone who blindly follows rules probably needs a wake-up call.
So, if you run a cafe with free wireless the same applies? Or a school or university? What about care homes? If not, why the distinction?
What about the people who use your electricity, or land? You responsible for what they do? And if someone borrows your car and robs a bank, you responsible for the robbery?
See where this is going yet?
If you still need convincing, what about if your teenage child sends a compromising picture or receives one from a friend across your network. You wanna go down for kiddie porn?
There is a record of what you had. For billing purposes.
---- Booth was a patriot ----
At least for criminal matters, they need to have timestamps when they request what customer had what IP address. (When using it in court, the timestamps had better be accurate and the search warrant better have produced corroborating evidence.) Since the ISP and investigators know full well how DHCP works, they almost always give out the correct information for the IP (since they keep timestamped logs).
I have written about this before but it's still important...
No only can multiple persons in a household and/or devices share an IP in an authorized way (each family member may have one or more devices online and they all share the same IP)... and not only can a Wifi-connection be illegally accessed either because it's unsecured or because it was hacked... there are known actual cases where even more ways to illegally share someone elses IP can occur:
1) One of the known devices was compromised (like a computer with an active backdoor) - this is pretty common
2) A neighbor physically breaks in and connects himself to the household network in secret using a hidden network cable
3) A neighbor physically breaks in and installs his own wireless access point and hides it - no cables will lead to the thief if discovered
4) A neighbor physically breaks in and uses network-over-powerlines adapters to connect to the household network
I guess only the imagination limits the possibilities here. Only a thorough search would reveal some of these, so without such a search they cannot be ruled out, and most can be quickly removed without leaving a trace so unless the search is conducted right away, it's pretty useless.
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
This will apply pressure to get everyone a fixed IP (V6) address.
Interesting, but shouldn't the government be required to prove that the person was on your network with your permission? I suppose one could argue that "it's the subscriber's own fault for using weak-ass security", but consider this. When Verizon installs FIOS, they will not run any more wire than necessary, and will not run any wire through walls. Instead, they put the router (which is pre-configured to 64-bit WEP) right where the cable comes into the house, and then put USB dongles on all your computers.
One might be able to make the case of "well, you still shoulda known better", but if I get into a car accident because my mechanic improperly installed my new brakes, how at fault am I for that car accident?
"I'm not sure I like the fugnutish tone you used in your post!" -RogL (608926)-
usage can easily be profiled by having a WiFi NIC in promiscuious mode listening to traffic, when there is no traffic you are not using your WiFi network. MAC addresses are sent in the clear even in a WPA2 session. There are several NICs out there that support programatically changing the MAC address.
-nB
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
Thanks for helping to prove my point to the parent. A computer science degree and 20 years of experience isn't enough of a qualification to help teach someone how to secure their wireless router, you also need to be an insufferable douche. Not everyone can do it like you can. Those "regular people" out there don't have a chance.
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
Like I said... I'm a hard-ass.
Not the term I'd use.
I let my friends connect to my wifi. Why shouldn't I? Of course, I don't monitor their activity - they're adults, they take responsibility for their own actions.
More relevantly, it's illegal for me to monitor their activity. Interception of electronic communications without permission of both parties is illegal in this country.
So I can't watch what they're doing, I can't validate their activities and you want me responsible for all of it?
No, 'hard-ass' isn't the term I'd use.
Is Insightful different from Insiteful. Does insightful mean telling me something I don't know?
Leslie Satenstein Montreal Quebec Canada
I would be more of a hard ass if the fines were more reasonable- in line with shoplifting.
Someone downloads a song- sure- fine them $50 bucks a song. And actually do it.
But when you are talking $150k fines- we are treating copyright infringement worse than capital crimes. It's not justice so I can't support it.
Now, as far as the "why I don't let my friends connect to wifi", even the most secure wifi can be broken in under 24 hours at this time. The only true security is hard wires.
And someone sitting with a laptop in the next yard over can put you at a lot of legal risk.
So there isn't really a good scenario out of this. You can be made to look guilty of crimes and it's very hard to prove your innocence.
Sanest solution is for the studios to charge a reasonable amount to download songs. Preferably something "unlimited per month for $xx" like a cable subscription.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.