NY Judge Rules IP Addresses Insufficient To Identify Pirates

← Back to Stories (view on slashdot.org)

NY Judge Rules IP Addresses Insufficient To Identify Pirates

Posted by timothy on Thursday May 3, 2012 @09:35AM from the that-pesky-proof-thing dept.

milbournosphere writes "New York Judge Gary Brown has found that IP addresses don't provide enough evidence to identify pirates, and wrote an extensive argument explaining his reasoning. A quote from the judge's order: 'While a decade ago, home wireless networks were nearly non-existent, 61% of U.S. homes now have wireless access. As a result, a single IP address usually supports multiple computer devices – which unlike traditional telephones can be operated simultaneously by different individuals. Different family members, or even visitors, could have performed the alleged downloads. Unless the wireless router has been appropriately secured (and in some cases, even if it has been secured), neighbors or passersby could access the Internet using the IP address assigned to a particular subscriber and download the plaintiff's film.' Perhaps this will help to stem the tide of frivolous mass lawsuits being brought by the RIAA and other rights-holders where IP addresses are the bulk of the 'evidence' suggested."

54 of 268 comments (clear)

Min score:

Reason:

Sort:

Does this apply to all cases? by CriticalAnalysis · 2012-05-03 09:38 · Score: 4, Interesting

Does this ruling apply if someone downloads child porn, makes bomb threats, discusses with terrorists or other larger crimes? Just saying it should be consistent if pirates get a pass.
1. Re:Does this apply to all cases? by Anonymous Coward · 2012-05-03 09:41 · Score: 5, Informative
  
  This still means that an IP address is sufficient for them to seize and search your computer hard disks and such, so if you have corroborating evidence there you'd still be fucked. It's just not sufficient in the absence of anything else.
2. Re:Does this apply to all cases? by CanHasDIY · 2012-05-03 09:47 · Score: 3, Informative
  
  Those are criminal infractions; 'piracy' is technically a civil matter.
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
3. Re:Does this apply to all cases? by gnasher719 · 2012-05-03 09:47 · Score: 3, Insightful
  
  Does this ruling apply if someone downloads child porn, makes bomb threats, discusses with terrorists or other larger crimes? Just saying it should be consistent if pirates get a pass.
  In the context of this ruling, an IP address is not enough evidence to justify giving your name and address to someone who claims that his copyright is infringed, but isn't really interested in sorting out the copyright infringement but only to blackmail you into a settlement. Especially if someone tries to get the names of dozens of people while paying only one court fee.
  
  On the other hand, it is surely enough evidence to get the police started investigating serious crimes.
4. Re:Does this apply to all cases? by pavon · 2012-05-03 09:47 · Score: 4, Interesting
  
  Well, the ruling doesn't really set any legal precedent since it is just a district judge, and it is about a civil case not a criminal one. But it is consistent with how most judges have ruled across the country. The consensus is that it is more than sufficient evidence to get a warrant, is not even close to enough to secure a conviction by itself, but when combined with other evidence may do the job. Just follows common sense really.
5. Re:Does this apply to all cases? by slater.jay · 2012-05-03 09:50 · Score: 5, Informative
  
  The standard for probable cause in the case of a search warrant is significantly lower than the standard for conviction.
6. Re:Does this apply to all cases? by Githaron · 2012-05-03 09:51 · Score: 2
  
  Wouldn't it be even more important in a criminal trial to not equate an IP address with an individual without additional evidence?
7. Re:Does this apply to all cases? by dbet · 2012-05-03 09:52 · Score: 4, Insightful
  
  I think if someone made bomb threats from an IP address, the FBI would FULLY investigate, because jailing the wrong person means the bomb still goes off, where the RIAA doesn't care if they sue the wrong person.
8. Re:Does this apply to all cases? by MoonBuggy · 2012-05-03 09:54 · Score: 4, Insightful
  
  Surely that reinforces the point, though? Criminal cases have higher standards of proof than civil ("beyond reasonable doubt" compared to "on the balance of probabilities"), so if it's not enough for a civil case it sure as hell isn't enough for a criminal one.
9. Re:Does this apply to all cases? by Moses48 · 2012-05-03 09:57 · Score: 2
  
  Here's my take on the matter:
  If someone dies because a TV is thrown out of a window, you shouldn't just arrest the person with the open window. Maybe that's sufficient evidence to go search the room for a missing TV, but maybe it was the neighbor. In that scenario they would look at who might have sent the TV flying, not just the weak evidence that it was someone from within my apartment.
  Same with bomb threats. If bomb threats are originating from my IP address, I would imagine society (ie: throough the police authority) would like to see my computer and know more about me. They shouldn't send a class action lawsuit against me, and/or bully me just because a hacker has hijacked my computer.
10. Re:Does this apply to all cases? by Arancaytar · 2012-05-03 09:59 · Score: 4, Insightful
  
  If a search warrant required as much evidence as a conviction, there would be no point to search warrants.
11. Re:Does this apply to all cases? by brit74 · 2012-05-03 10:00 · Score: 2
  
  Okay, but wouldn't "can't identify a person" still apply in both cases? Afterall, if you're going to go to jail for making a bomb threat (or child porn, etc), then it's even more important to disregard IP-address based evidence in criminal cases.
12. Re:Does this apply to all cases? by CanHasDIY · 2012-05-03 10:07 · Score: 2
  
  I think so, but then again I never said it wouldn't.
  
  Was merely pointing out that a precedent-setting decision in civil court doesn't apply to criminal matters, and vice versa.
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
13. Re:Does this apply to all cases? by CanHasDIY · 2012-05-03 10:10 · Score: 2
  
  One would think that... then again, considering that a person can be arrested, prosecuted, and convicted of "resisting arrest" without any other charge, I have my doubts about these 'higher standards' of which you speak...
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
14. Re:Does this apply to all cases? by girlintraining · 2012-05-03 10:25 · Score: 4, Informative
  
  The standard for probable cause in the case of a search warrant is significantly lower than the standard for conviction.
  Yes, but everyone is hungup on the idea that the plaintiff has to prove an individual is responsible. At the moment, this may be true, but it's not much of an obstacle. Whenever you park your car illegally, they write a ticket out to the vehicle owner; And there have been many cases where the vehicle's owner was later arrested for not paying a fine they didn't know about because they had loaned their vehicle out to someone else. And unless the vehicle owner can prove they weren't the ones operating the vehicle, the courts have held they are responsible; They can't simply say "It was Ghost Man that parked my car downtown, not me!"
  So for now, in that jurisdiction, they may be able to stop people from being sued for copyright infringement based on the IP address alone; But laws can and will be passed within a few years there where the ip address "owner" is responsible (and by owner, I mean ISP subscriber).
  At best, this is an empty victory: It may stall copyright enforcement in that juridsdiction temporarily, but it will resume, and the cat and mouse game will move forward. They'll just start using things like timing, traffic analysis, client version identification, etc., to form digital fingerprints that (after they've seized your computer) will be used to individually identify you even from behind your standard NAT router.
  
  --
  #fuckbeta #iamslashdot #dicemustdie
15. Re:Does this apply to all cases? by sjames · 2012-05-03 10:45 · Score: 5, Insightful
  
  That depends. The parking ticket thing was standing between a city government and a revenue stream. That is known to be the most dangerous place to stand in all of existence.
16. Re:Does this apply to all cases? by Anonymous Coward · 2012-05-03 10:45 · Score: 2, Interesting
  
  My understanding of "sufficient" is
  Lawyer: We think that IP is a pirate.
  
  Judge: Well, I IP is not sufficient ev
  
  Lawyer: That IP has downloaded 500 movies this month, has never stopped being active in the swarm (so it's not a passerby), runs a linux-based torrent client (they are only ~3% of the desktop market and the dude has an FSF sticker on his car, so it's totally him), and one of the movies was 'Hackers'. Who the hell watches that but geeks who like 'sticking it to the man'?
  
  Judge: I see. In that case, release the pirate hounds.
17. Re:Does this apply to all cases? by Archangel+Michael · 2012-05-03 10:46 · Score: 4, Interesting
  
  Except that it is not. I was arrested for "resisting arrest", then added a charge of being "drunk in public" to cover the act that I knew that they couldn't arrest me for resisting arrest alone. They then changed the charge to "Resisting arrest" and "Assault on a police officer" after I informed the police I was neither "drunk" nor in "public" (being sober INSIDE a private residence).
  The prosecutor continued prosecution through the trial and I was acquitted in less than 1 hour. Juries take a very dim view of police trying to cover their asses. It also helps that could recall with exact detail (even to this day) the entire conversation the police officers had trying to cover the fact that they were arresting an asshole (me) who was smarter than they were.
  My suggestion is, don't resist, but don't help them. They often claim the latter is the former, it is not.
  
  --
  Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
18. Re:Does this apply to all cases? by Archangel+Michael · 2012-05-03 11:05 · Score: 5, Insightful
  
  I was in a private residence, they had no rights to order me to do anything, because I was not hindering their investigation, nor was I doing or involved in anything illegal. If the cops can go into any residence and order the occupants around and arrest people for not "not following orders" ... then I have a HUGE problem with that society. And you don't?
  
  --
  Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
19. Re:Does this apply to all cases? by nabsltd · 2012-05-03 11:27 · Score: 4, Insightful
  
  This still means that an IP address is sufficient for them to seize and search your computer hard disks and such, so if you have corroborating evidence there you'd still be fucked.
  For a criminal matter, an IP address might be enough by itself to issue a search warrant.
  Luckily, the copyright infringement that is being done in file sharing doesn't fall under the "criminal" section of copyright law.
20. Re:Does this apply to all cases? by Anonymous Coward · 2012-05-03 11:38 · Score: 3, Insightful
  
  For the most part, an IP address has never been able to prove anything short of a temporary usage.
  - most cable and DSL modems use NAT, one ip address for the outside.
  - proximity to busy areas (eg in a condo building that's part of a shopping district is enough) is enough to claim "it wasn't me"
  - Wireless devices (mobile phones, tablets) that can also operate as WiFi access points may not be secured enough
  - Shopping Convention centers may have many of the above showing up peoples devices, particularly iPhone and iPad's which do this by default.
  In 2004, when I first bought a router, I also bought a GPS and went wardriving with the laptop for kicks. At the time, most of the 802.11b routers were not encrypted, and it was easy to just pop in and pop off any unencrypted one.
  When I lived in a condo building, I had line of sight to WiFi access points located so far away (where you'd need binoculars to find it) that I was able to access them for minutes at a time. Some of these were early Hotel systems that were unencrypted.
  Some neighboring condo units had unencrypted routers that were clearly hijacked, as they would reboot randomly
  Some people leave their routers "open" to have plausible deniability
  Some people use Tor onion routing behind such routers
  Some people may intentionally look stupid, but they actually run a VPN over the wireless system to an initial exit point somewhere in the US so they can use US services (Eg netflix, hulu) or pirate indiscriminately on other people's systems.
  Overall the problem is that responsibility lies first at the ISP, for not detecting "open" routers. Many ISP's issue wireless DSL and Cable modems in only a "semi-secure" state, that it only takes a disgruntled employee at the ISP to dump the configurations, along with the administrative passwords for the devices to compromise all of them. Many of these devices share the exact same admin password.
  The Subscriber's responsibility is only for devices physically attached to the cable modem, which may include secondary wireless routers. So if they give out passwords for their friends to use it, and their friend comes back a month later and downloads some seriously illegal stuff, you're not going to remember seeing your friend downloading anything. So if it's your router, it's your problem, but if the ISP has any control over the router/modem it's the ISP's responsibility. If their subscriber is a moron, they should cut them loose.
  I'm not suggesting that ISP's be responsible for damages, and neither should subscribers be responsible for damages caused by someone accessing the system without their knowledge, but both should take proactive action against letting people use their system.
  This also means that ISP's should be detecting "bot" traffic, hijacked machines, at their headend and proactively warn users about suspicious activity where the customer's usage pattern changes.
21. Re:Does this apply to all cases? by pipatron · 2012-05-03 13:09 · Score: 2
  
  If bomb threats are originating from my IP address, I would imagine society (ie: throough the police authority) would like to see my computer and know more about me. They shouldn't send a class action lawsuit against me, and/or bully me just because a hacker has hijacked my computer.
  The problem with this is that "see my computer" must mean "take everything in my house that can store digital information and keep it at the station until the computer forensic guys have time to look at it, likely within the next 6 months."
  In this day and age, it's pretty much like taking everything you own...
  
  --
  c++; /* this makes c bigger but returns the old value */
22. Re:Does this apply to all cases? by Cwix · 2012-05-03 13:23 · Score: 4, Insightful
  
  No, you loan your car to someone. Therefore you are responsible. If someone steals your car and crashes into a bus full of nuns, you aren't.
  You may be able to make a case that if the person billed for the IP address would be responsible for guests, but if the kid next door is "stealing" internet from you then you shouldn't be.
  Its an analogy fail. Get over yourself.
  
  --
  You are entitled to your own opinions, not your own facts.
23. Re:Does this apply to all cases? by Jane+Q.+Public · 2012-05-03 13:35 · Score: 5, Informative
  
  "It's not flawed at all, it's just a position you disagree with."
  Actually, it is flawed, because automobiles are just about the only things for which the courts have upheld this idea... and there is very little doubt that they have done so for no reason other than that not doing so would interfere with their own branch of government's revenue stream, just as someone else mentioned. Otherwise they would have generalized the concept to other areas of the law... but they haven't.
  
  In general, you cannot be held liable for other people's actions, even if they used something belonging to you in order to do it. Automobiles have been held to be an exception to that, but that's the important part: they are an exception, not the rule. So as an analogy it doesn't work.
  
  "You're an accomplice in any illegal activity if you fail to take any steps to prevent it. "
  Horsepucky. It just doesn't work that way. In most states -- maybe even all -- this is simply not true. There is no obligation on the part of a citizen to prevent others from committing crimes. It simply isn't a valid legal principle. I could stand by and watch a man shoot other people for no reason, and I am still not his accomplice. Not even remotely, in any area of the law with which I am familiar. I am not obligated by law to insert myself into the situation at all. Failing to do so might mean I was not a very nice person, but it does not make me a criminal.
  
  The only exception to this of which I am aware is that some states have "Good Samaritan" laws that require you to help people under certain, specific circumstances. For example, in my state you are obligated to stop and help someone who is stuck in the snow in a remote area, because the chance of otherwise not finding help and freezing to death is so great. And to be honest, I am not convinced that even that law is completely Constitutional.
  
  "There's plenty of legal precident to support my position, and only moral indignation to support yours."
  No, there isn't. I know for an absolute fact that my state laws contradict every single thing you have stated here, the sole exception being the part about automobile liability. And I am pretty sure that most other states are similar.
24. Re:Does this apply to all cases? by Fjandr · 2012-05-03 13:43 · Score: 2
  
  The problem with being proactive is that, in the case of an ISP, it can set you up for legal headaches.
25. Re:Does this apply to all cases? by Jane+Q.+Public · 2012-05-03 13:45 · Score: 2
  
  "The standard for probable cause in the case of a search warrant is significantly lower than the standard for conviction."
  True, but irrelevant. Court ruling after court ruling in recent years have stated that an IP address, by itself, simply does not meet minimum standards as probable cause for a search.
  
  The main reason is obvious, and I can use my own situation as an example: my WiFi router has a strong clear signal, it is completely open, and somebody a full block away could be using it at any time. Or even somebody driving past or parked at the curb on the next street over. It simply does not point to me specifically, or even to my own house.
  
  If they have evidence in addition to the IP address, added together they might constitute probable cause. But an IP address by itself, no. And more and more courts have been saying so.
26. Re:Does this apply to all cases? by Anthony+Mouse · 2012-05-03 14:00 · Score: 3, Informative
  
  You're an accomplice in any illegal activity if you fail to take any steps to prevent it.
  I'd be curious to hear which law school you attended that taught you that, considering how wrong it is.
  
  My previous example demonstrates additional legal situations where the owner can be charged for a crime that's committed by the user, absent proof that the user did it instead of the owner.
  You neglect that your examples are the exception rather than the rule. Cars are large, fast, dangerous and expensive. They have their own rules. Almost nothing works that way, nor should it. The person responsible is the person responsible, not random innocent bystanders who happens to be in the general vicinity or who lent general purpose tools to someone not knowing they would be used for nefarious purposes.
27. Re:Does this apply to all cases? by X0563511 · 2012-05-03 15:04 · Score: 2
  
  since most packets will probably take at least several hops, often via different routes, before getting to you.
  Really? Perhaps back in the 90s, or if one of the intermediate networks has some serious problem.
  The internet just doesn't work like that these days. Most often, once established, the connection will continue along the same route before termination. Even subsequent connections within a reasonable timeframe will follow the same path.
  
  --
  For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
28. Re:Does this apply to all cases? by Jane+Q.+Public · 2012-05-03 17:25 · Score: 2
  
  I should clarify something (and also state that IANAL, but I am pretty familiar with the law in my state):
  
  If I knew that someone were planning to rob a bank tomorrow, for example, and I aided them in any way, and/or did not at least report it, it is possible that I could be charged as an accessory, or even an accomplice if my actions actually helped, even a little.
  
  BUT... and this is the kind of situation I was talking about... if I am standing in a bank and somebody decides to rob it (that is, I knew nothing about any such plan), I am not legally obligated to try to prevent it, even if I am behind the guy and have a monkey wrench in my hand and could easily bash his skull in to prevent the robbery.
  
  Also, if my neighbor steals my gun when I am not looking, and goes out and shoots somebody with it, I am generally not liable even though it was my gun he did it with.
  
  If I loan a gun to the neighbor (which is perfectly legal here), and he goes out and shoots somebody with it without telling me about it, I am still not liable. Even though he did it with my gun.
  
  If I am standing next to my neighbor, and he suddenly pulls out a gun and threatens to shoot another neighbor, I am not obligated to intervene then, either. Again even if it's my gun he's using.
  
  So, there are lots of situations (almost all situations when there is no foreknowledge), I am simply not obligated to try to prevent someone else from committing a crime. There is no law or even legal principle requiring me to do that.
  
  You may be interested to know that there are number of different court rulings, including by the Supreme Court that say even the police are not required by law to try to prevent crimes. It might be part of their job description but there is no law saying they have to.
29. Re:Does this apply to all cases? by girlintraining · 2012-05-03 17:39 · Score: 3, Informative
  
  Actually, it is flawed, because automobiles are just about the only things for which the courts have upheld this idea...
  
  Oil tanker owner held liable for captain being negligent and crashing. Owner of a building complex that caught fire held liable, even though he wasn't the one who started the fire. Hotel owner held liable for meth lab being setup in room. Owners of male cattle not held responsible for bull killing someone. By the way, that's a biblical reference; I just wanted to demonstrate it's not a new concept. I can provide many, many more examples. It's not just cars. If you own something, you can be held responsible if you're neglegent in the maintenance of it.
  Your failure to secure your wifi connection and then having it used in the commission of a crime makes you liable for damages. This has already happened in the UK and Germany. It's currently being looked into in several jurisdictions in the United States. Bottom line here, there is plenty of legal precident here and globally to create, enforce, and have upheld, a law that makes the owners of an unsecured network legally liable for illegal activity which occurs on it.
  
  No, there isn't. I know for an absolute fact that my state laws contradict every single thing you have stated here, the sole exception being the part about automobile liability. And I am pretty sure that most other states are similar.
  I have provided several links indicating that at the state and national level, this is something that is being considered, has legal merit, and may be enforceable. Your turn.
  
  --
  #fuckbeta #iamslashdot #dicemustdie
30. Re:Does this apply to all cases? by girlintraining · 2012-05-03 17:44 · Score: 2
  
  No, you loan your car to someone. Therefore you are responsible. If someone steals your car and crashes into a bus full of nuns, you aren't.
  If they crash into a bus full of nuns because you neglegently failed to have the brakes regularly inspected and they catastrophically failed, you are liable then. The argument can be made that failing to secure your networks is an act of gross negligence, especially considering Windows warns you before connecting to such a network (as do most operating systems) that it is not secure, that it says in the owner's manual of every wifi router words to the effect of "We strongly recommend you put a password on this", along with a long list of articles in just about every local and national newspaper and news website out there indicating the same thing.
  
  Its an analogy fail. Get over yourself.
  Tell that to this guy. It's not just some armchair lawyer talk here, this is real: It's in the courts right now, and you shouldn't be so dismissive.
  
  --
  #fuckbeta #iamslashdot #dicemustdie
31. Re:Does this apply to all cases? by girlintraining · 2012-05-03 18:07 · Score: 2
  
  BUT... and this is the kind of situation I was talking about... if I am standing in a bank and somebody decides to rob it (that is, I knew nothing about any such plan), I am not legally obligated to try to prevent it, even if I am behind the guy and have a monkey wrench in my hand and could easily bash his skull in to prevent the robbery.
  
  That's correct -- because you cannot be expected to put yourself in harm's way. However, as you indicated earlier; your obligation to report it as quickly as possible once you are out of harm's way remains.
  
  Also, if my neighbor steals my gun when I am not looking, and goes out and shoots somebody with it, I am generally not liable even though it was my gun he did it with.
  
  Again, correct, but if you leave the gun, say, laying in the street, and your neighbor comes and takes it and then uses it to commit a crime, you are liable: Because not securing your weapon in some fashion is negligent.
  
  If I loan a gun to the neighbor (which is perfectly legal here), and he goes out and shoots somebody with it without telling me about it, I am still not liable. Even though he did it with my gun.
  
  Correct, but if you know he's a convicted felon and you loan it to him, you are liable, because that's negligent on your part.
  
  So, there are lots of situations (almost all situations when there is no foreknowledge), I am simply not obligated to try to prevent someone else from committing a crime. There is no law or even legal principle requiring me to do that.
  
  Correct again, but also again making the lie of omission: A person who sets up a wifi router is responsible for its maintenance. In certain jurisdictions, this can lead to legal liability if not secured; specifically if it is used in the UK or Germany, where the courts have held the owners liable for unsecured wifi routers being used to commit crimes.
  
  You may be interested to know that there are number of different court rulings, including by the Supreme Court that say even the police are not required by law to try to prevent crimes. It might be part of their job description but there is no law saying they have to.
  True, but if a police officer, through negligence, enables the commission of a crime, that is another story. And here again, your post doesn't consider what negligence is: Which is not taking action ahead of time when it would have been prudent to do so. Which is all my original post was about.
  
  --
  #fuckbeta #iamslashdot #dicemustdie
32. Re:Does this apply to all cases? by Anonymous Coward · 2012-05-03 19:05 · Score: 2, Insightful
  
  As far as I can tell, parking tickets are essentially "liens" on the vehicle for services rendered(storing your car). The idea that they stored your car without entering in to contract with you seems to be the hole in this logic. Trying to get a municipal government to explain legal reasoning behind their actions has always been an uphill battle for me.
  Traffic Court is another concept which defies logic. Seemingly, you aren't entitled to a court appointed attorney because the penalties are financial and do not have the potential to result in a singly day of imprisonment. The Supreme Court ruling that established court appointed attorneys referenced the right to an attorney specifically when threatened with a single day of jail time which was a clumsy and unnecessary qualification to the concept IMHO.
  The courts generally seem to run based on a weird hybrid of civil and criminal rules of procedure. This seems to be as a result of them being established by a legislature delegating the authority and jurisdiction to tax.
  This is why the ticketing officer seems to be the plaintiff, witness, and executioner. It would be perverse under normal circumstances for an individual to be able to delegate themselves as representation for a large group of people seeking collective damages. They aren't licensed to practice law so they can't really call themselves as witnesses or even function as a lawyer on someone-else's behalf.
  It's a hardcore conflict of interests any way you look at it and their testimony would be here-say except I think they document everything as an affidavit as part of their paperwork when they issue the ticket. Except there are no witnesses to the affidavit AFAIK.
  It's all pretty thinly veiled lack of due process with dodgy legal justification IMHO.
33. Re:Does this apply to all cases? by JackieBrown · 2012-05-04 00:26 · Score: 2
  
  In Texas, it is illegal to leave you keys in an unattended car to help prevent your car from being used in a crime.
  http://www.txdmv.gov/protection/auto_theft/hold_key.htm
34. Re:Does this apply to all cases? by zevans · 2012-05-04 01:24 · Score: 2
  
  Firstly, my understanding is that the German case was a civil matter, so it comes down to two tort lawyers having a pissing contest. I would suggest this is not very relevant a discussion of criminality; it's more akin to patent wars.
  Secondly, this has not happened in the UK. In the UK Straszkiewicz was found guilty of entirely the reverse; he took advantage of an open network that was intended as private domestic infrastructure, and THE OWNER OF THE NETWORK was not even charged with an offence in the first place, never mind found guilty. The rogue user was fined and received a criminal record. NOT the owner.
  Furthermore the user was charged with a specific offence under the Communications Act 2003, "dishonestly obtaining an electronics communication service." Hard to argue with that. (One of the problems with that Act is it's very weak on "intent" in general.)
  
  --
  "... and more and more now there are all kinds of electronic goodies available" -- Pink Floyd 1972
Judges. by AG+the+other · 2012-05-03 09:38 · Score: 5, Insightful

Some of them are teachable.

--
Non bene pro toto libertas venditur auro
Seems Optimistic... by g0es · 2012-05-03 09:40 · Score: 2

that it will stem the tied of frivolus mass lawsuits. My guess is they will just pick a different tactic. I suspect that we will see some court decisions and or laws past that will make the person paying for the service assocated with the IP address responsible for all traffic that is sent or received.
Yes, this does appear to be a federal court by slimjim8094 · 2012-05-03 09:41 · Score: 5, Informative

Don't know why it wasn't in the writeup. This ruling was in the federal court for New York's East District, which I think (IANAL) means it is precedent there (but not necessarily elsewhere in the country)

--
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
Re:To be fair.... by MrEricSir · 2012-05-03 09:45 · Score: 5, Insightful

And as for people who run unlocked wireless routers and let anybody in the neighborhood utilize their bandwidth, I have zero sympathy.

Right, because we should expect 100% of the US population to understand network security and know how to properly secure a wifi router. Makes perfect sense!

--
There's no -1 for "I don't get it."
Does this speed up IPv6 rollouts? by mtvsucks · 2012-05-03 09:45 · Score: 2

If this ruling stands, I wonder if **AA will start pushing for IPv6. It'd be their best interest to eliminate NAT to protect their new revenue stream of suing their consumers. Years of technical arguments never got traction, but maybe a Judge just kicked us over the hump.
Something or other about the ends not justifying the means.

--
1337
Finally some common sense in the judiciary by Galestar · 2012-05-03 09:46 · Score: 5, Insightful

Thank you Judge Gary Brown

--
AccountKiller
Re:To be fair.... by CanHasDIY · 2012-05-03 09:48 · Score: 4, Insightful

And as for people who run unlocked wireless routers and let anybody in the neighborhood utilize their bandwidth, I have zero sympathy.
Right, because we should expect 100% of the US population to understand network security and know how to properly secure a wifi router. Makes perfect sense!
Also, this.

--
An enigma, wrapped in a riddle, shrouded in bacon and cheese
I live near a coffee shop in a high tech city by WillAffleckUW · 2012-05-03 09:53 · Score: 2

And on my block there are hundreds of unsecured wireless routers, cellphones acting as hotspots, and laptops and iPads.
Even though I secure my wireless N router, anyone using Google warganging software from their streetview team could still slurp up all the IPs and then brute fake it on another device.
The judge is right.

--
-- Tigger warning: This post may contain tiggers! --
Re:To be fair.... by amicusNYCL · 2012-05-03 10:05 · Score: 5, Insightful

It takes about 60 seconds to teach somebody to secure their wireless router. The only remotely time consuming part is getting them to believe that it's actually a smart idea.
I think you've got those backwards.
OK, listen, if you leave this unlocked then anyone who finds it can download anything. They can download child porn, illegal movies, terrorist documents, whatever, and it's all linked to you.
Well that sounds bad, better lock it up.
Right. OK, so the first thing you do is open your browser and go to one nine two dot one six ...
Wait, what's a browser?
Just double-click on the blue "E".
Got it. OK, I type in one nine two ...
Wait, not in the Bing search bar, you type it into the address field.
What's the address field?

--
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
Re:And what about dynamically assigned ones? by Bengie · 2012-05-03 10:08 · Score: 2

Your assigned IP's are logged for something like 6 months-2 years. Mistakes can be made, but most of the time, they shouldn't "accidentally" pick you.
IPv6 by roothog · 2012-05-03 10:10 · Score: 2

Hey, we can finally get IPv6 adopted everywhere now that the entertainment mafiaas will lobby for every system to have a unique address.
And WEP vulnerabilities by Sycraft-fu · 2012-05-03 10:14 · Score: 4, Insightful

A lot of people still have WEP only routers. My parents are some of those people. They are not tech people, they bought a router back in the day when WEP was all you got. It still works so they won't get a new one.
They aren't the only ones either. While I don't see a whole lot of APs from my house, of the ones I do see two are WPA1, two are WEP, none (except mine) are WPA2.
And if we want to start to make it illegal to have bad security, well then we first need to start with door locks. Residential houses always have shitty locks. They are just regular ass locks from Home Depot that are vulnerable to bumping, ice picking, have no key control, and so on. You can get better locks no problem, they just cost a whole lot more so people don't bother.
However if you want to say "You have to buy a new router any time the old ones are found to have security issues, otherwise you are liable for any breakins," then I think you also have ot say "You have to buy better locks, otherwise you are liable for any breakins."
Where is IPv6 anti-NAT crowd now? by ugen · 2012-05-03 10:19 · Score: 3, Informative

This is a great argument. Unfortunately, once we are all moved to IPv6, and with help of IPv6 zealots who are against NAT privacy protection "on a principle" - each device behind home router will receive its very own unique IP (perhaps more than one, if temporary IPs are used, but certainly unique address). Once that is in place, the argument no longer holds and we are back to square one.
I certainly hope that Linux network stack crowd (because they are the ones whose product will be used, as is customary, in large chunk of wifi routers and other home network devices) will get something done before copyright holders wisen up, and poke Comcast/Cox cable/Verizon to roll out IPv6 to end users.
1. Re:Where is IPv6 anti-NAT crowd now? by Just+Some+Guy · 2012-05-03 11:47 · Score: 4, Informative
  
  From Wikipedia:
  
  Privacy extensions for IPv6 have been defined to address these privacy concerns. When privacy extensions are enabled, the operating system generates ephemeral IP addresses by concatenating a randomly generated host identifier with the assigned network prefix. These ephemeral addresses, instead of trackable static IP addresses, are used to communicate with remote hosts. The use of ephemeral addresses makes it difficult to accurately track a user's Internet activity by scanning activity streams for a single IPv6 address.
  
  Privacy extensions are enabled by default in Windows, Mac OS X (since 10.7), and iOS since version 4.3. Some Linux distributions have enabled privacy extensions as well.
  
  People dislike NAT because it's a crappy idea whose best featured are better implemented in other ways. It's not because we're too dumb to understand the issues or too cavalier to care about them.
  
  I certainly hope that Linux network stack crowd (because they are the ones whose product will be used, as is customary, in large chunk of wifi routers and other home network devices) will get something done before copyright holders wisen up, and poke Comcast/Cox cable/Verizon to roll out IPv6 to end users.
  We did, about a decade ago.
  
  --
  Dewey, what part of this looks like authorities should be involved?
2. Re:Where is IPv6 anti-NAT crowd now? by farble1670 · 2012-05-03 12:34 · Score: 3
  
  Once that is in place, the argument no longer holds and we are back to square one.
  if you are using the "wasn't me downloading that" defense as a loophole to allow you to get away with illegal activities, then sure, you are back to square one.
  on the other hand, if your goal is to ensure that people aren't incorrectly identified and persecuted for for crimes they did not commit, then it solves the problem perfectly.
Re:To be fair.... by idontgno · 2012-05-03 10:44 · Score: 2

As for people who didn't have permission, that would constitute unauthorized computer access, and is also a criminal offense.
True. But it would never come to that, since the law is a lazy evaluation system and bails out after finding the first perpetrator and the the first offense: the subscriber, and whatever heinous thing the subscriber is accused of. In that case, "someone else did it" becomes just an ineffective defense, and the prosecution gets what it wants anyway: a conviction.
Justice? That's not the point, amiright? Sure, I'm right.
One would be remiss to not file a police report upon discovery, and cooperate with the police to discover the perpetrator. To not do this, in fact, would be indication of implied consent of the activity, and therefore you'd be held responsible again.
Exactly.
Let me guess. You sell network security tools or intrusion detection systems, right? "The only way you're gonna avoid getting busted for whatever happens from your IP address is if you watch your network obsessively... and my $PRODUCT will do that for you."
And of course, no one has ever been accused of and publicly pilloried for a crime they didn't commit, but reported to proper authority. Reporting a criminal event on your own property, committed with your own resources, is tantamount to turning yourself in and confessing to the crime. Thanks for playing.

--
Welcome to the Panopticon. Used to be a prison, now it's your home.
Re:And what about dynamically assigned ones? by ags1 · 2012-05-03 12:06 · Score: 2

I believe the isp keeps ip and mac address in their logs along with a time stamp. The question is, is it the mac address of your machine or the mac address of your router, or both.
Not far enough by Charliemopps · 2012-05-03 12:47 · Score: 4, Insightful

While agree with the Judge, it's not nearly going far enough. I used to work in a department that handled copyright infringement complaints for a large ISP. When the copyright owner makes a complaint, by law the ISP is required to take action. But there are multiple problems with the entire premise.

1. The complaint comes in via an unverifiable email. The ISP has no idea who really sent it. As any ISP knows, spoofing an email is about the simplest thing for a teenage hacker to perform.
2. Even if the ISP could verify the sender, they have no idea if the sender is really the content owner. In fact, the ISP has absolutely no way to find out who the content owner is. This is something, that by its very definition would need to be decided in a court of law.
3. The ISP has no idea if the person sending the email is telling the truth in the least. Even if they are telling the truth they have no idea how competent their methods are. All they have is an email that says they "saw" the user download some content they own. They could have made it up, they could have terrible methods for detection. I believe there was one case where a university student managed to get DMCA notices sent to several campus printers IP addresses.
4. And most importantly, the ISP KNOWS most of the complaints are total BS. I personally saw at least 25% of the complaints that came in were against IP addresses that didn't have customers on them... or belonged to network devices we owned.

The entire premise that someone can connect to a torrent and then say that every IP address that their software tells them is connecting to that torrent is a pirate is asinine. There's a simple solution to your problem media industry... stop price gouging. Work WITH and not against netflix, pandora, and the like. Make it easier to pay you than it is to pirate... and the pirate community will die. Humans follow the path of least resistance. It's illegal to run red lights, but people still do it all the time, because it's easier than stopping. How do they really stop people from red lights? Take them out and put in a round-a-bout.
Re:To be fair.... by amicusNYCL · 2012-05-04 04:00 · Score: 3, Insightful

Thanks for helping to prove my point to the parent. A computer science degree and 20 years of experience isn't enough of a qualification to help teach someone how to secure their wireless router, you also need to be an insufferable douche. Not everyone can do it like you can. Those "regular people" out there don't have a chance.

--
"Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black