Slashdot Mirror
Forensic Investigator Outlines BitTorrent Detection Technology
NewYorkCountryLawyer writes "In one of the many BitTorrent download cases brought by pornographic film makers, the plaintiff — faced with a motion to quash brought by a "John Doe" defendant — has filed its opposition papers. Interestingly, these included a declaration by its 'forensic investigator' (PDF), employed by a German company, IPP, Limited, in which he makes claims about what his technology detects, and about how BitTorrent works, and attaches, as an exhibit, a 'functional description' of his IPTracker software (PDF)."
Wouldn't that mean that it is subject to the GPL since it is derived from a GPL based product? So, let's see the source.
Try tracking us there.
Good luck.
---- Booth was a patriot ----
It is not possible that an allocated GUID is allocated to another user again.
I would look into this. As it is written it sounds, at least, misleading. Even if it is true this GUID thing for all P2P protocols (which I sincerely doubt), I would say that it should be spoofable directly or indirectly (compromising the machine if public key cryptography is used).
I've read their software specs. Seems they have some typo,
The data can only be decoded and used by the responsible lawyer, only his software contains the deciphering method and this one one in this case also secret (called "public") key.
Seems at least that one typo. At least I *hope* that's a typo.
... it is not possible that an allocated GUID is allocated to another user again.
Same could be said about MACs, and cell phone ID numbers. No one ever clones those!!!
So it seems, by their reasoning, if you go on a P2P network and clone someone else's GUID, well, then I guess the other party must be guilty, no?
Seems that even if you use Bittorrent or similar to only download Linux distros or even WoW patches, someone can just clone that and use it and then they will just send the innocent the bill?
How? I can't imagine that any of these P2P applications include such functionality.
They don't. This guy might be a programmer, but he's got bricks for brains when it comes to proper terminology.
#fuckbeta #iamslashdot #dicemustdie
Possibly, possibly not. Being a legal thing, this will vary hugely by jurisdiction, but in general I'm not aware of any contested case where an individual has been found liable, either jointly/vicariously, or through negligence, for the mere actions of another using their Internet connection.
A while back TorrentFreak looked into this, getting a couple of US lawyers to argue for and against this sort of liability. Unfortunately the "for" one only discusses negligence, and the "against" only looks into indirect and vicarious liability, so both could be perfectly correct...
This is where the tests for "negligence" come in (ignoring any statute law on the handling of firearms; obviously, where I'm from, possessing a rifle would probably be illegal in the first place). In common law negligence generally requires that there be some duty of care owed by the defendant to the claimant/plaintiff, that the defendant fell below the appropriate standard of care, which caused damage to the claimant that wasn't too remote.
Wrt allowing someone to use your Internet (or not securing it), it seems possible that there may not even be a duty in place (due to a lack of proximity, unless children are involved), and it would be easy to argue that the standard wasn't breached by simply having an unsecured or weakly secured network, or letting someone use a computer unsupervised (that would be far too onerous).
It would be an interesting, if pointlessly expensive, case to argue, and afaik, that hasn't been argued either in the US or the UK (the first article references a case, but I have a strong feeling that may be a summary judgment).
Only takes one person to sell out an entire private tracker.
---- Booth was a patriot ----
Does this so-called "IPP" company in fact exist at all? I've had a cursory glance on Google, but didn't find much of interest.
German companies are not called Limited or Ltd. if they are indeed "governed by German law", as claimed in the court declaration. Under German law it should be called "IPP GmbH". I would normally assume a "Ltd." company was based in the UK, on one of their islands or somewhere far away from Europe in general.
IPP seems to be a fairly common name in the German business register (Unternehmensregister), but none of them seem to be the company in question? Does anyone out there have further information?
the private copyright cops have no reason to lie or cheat
Sure they do. Since this is really just an elaborate extortion racket, the more IPs they deliver to their clients, the more they get paid. Their clients just file a bunch of John Doe lawsuits and hope for settlements. The more IPs they have, the more possible settlements -- false positives be damned.
So in all of these cases, as a technical person, I can't help but wonder how they're connecting an IP address to positive evidence of a specific person's deliberate action. There are countless plausible scenarios where a person can own a number (IP address) involved in a crime and yet not themselves be aware of or involved in said crime. Some examples are:
In all of these scenarios, the crime could have been committed without any knowledge of the defendant. In some of these scenarios, the defendant has little-to-no chance to detect or thwart the crime. How does any lawyer convince any judge or jury that the person on trial committed a crime in light of this?
From a defensive point of view, what is the minimum number of compromises that one should run in their own network to provide themselves with sufficient plausible deniability from this type of thing?
Furthermore, from an activist's point of view, imagine someone built a malware variant that monitored browser usage (Google, Facebook, etc.) for movie names and automatically downloads movie titles that were mentioned to a secret directory? I've now got a piece of malware that automatically, without any user knowledge or intervention, downloads illegal files that that user is interested in. What if the malware downloads new movie releases instead by monitoring public release knowledge bases for titles? Is being infected by such a malware enough for innocence? If enough people are thusly infected would the entire concept of using IP subpoenas for prosecution fall apart?
Just food for thought. I'd really like to know how someone can be held criminally-liable unless the prosecution caught them using the illegal file or captured an attributable confession.
Only the old farts....
00:00:00:00:00:00 is where the hip anons lurk.
Do not look at laser with remaining good eye.
Indeed. My understanding of the situation (having followed some of these cases etc., including attending court hearings) is that the tech companies get paid by the IP. Most other parties involved (the copyright owner, the legal team, the holding company that brings the case) get either a percentage of net profit, or a fixed fee. As such, it's in the tech. groups interests to provide as many IPs as they can, as cheaply as possible.
This is why they have been known to cut corners (such as just scraping a list of IPs from a tracker, rather than checking that any given IP is actually sharing the file at the particular time), or spend too much time actually looking into the technology. Interestingly, an "expert witness" in a recent English case noted that he"did not have [the software he was testifying with regard to] installed on his computer, and did not concern himself with how it worked").
In the ACSLaw leaked emails, one thing that was noted was that around 1 in 4 IP addresses that had been identified as infringing weren't even assigned by the ISP at the time when the alleged infringement occurred. That statistic, to me, suggests that something is pretty screwed up is going on with data gathering.
Kids these days don't know about ::1 I take it?