Judge Orders Piracy Trial To Test IP Address Evidence

another random user sends word of a case in Pennsylvania District Court in which Judge Michael Baylson has ordered a trial to resolve the issue of whether an IP address can identify a particular person. The plaintiff, Malibu Media, has filed 349 lawsuits against groups of alleged infringers, arguing that getting subscriber information from an ISP based on an IP address that participated in file-sharing was suitable for identification purposes. A motion filed by the defendants in this case explains "how computer-based technology would allow non-subscribers to access a particular IP address," leading Judge Baylson to rule that a trial is "necessary to find the truth." "The Bellwether trial will be the first time that actual evidence against alleged BitTorrent infringers is tested in court. This is relevant because the main piece of evidence the copyright holders have is an IP-address, which by itself doesn't identify a person but merely a connection. ... Considering what's at stake, it would be no surprise if parties such as the Electronic Frontier Foundation (EFF) are willing to join in. They are known to get involved in crucial copyright troll cases, siding with the defendants. We asked the group for a comment, but have yet to receive a response. On the other side, Malibu Media may get help from other copyright holders who are engaged in mass-BitTorrent lawsuits. A ruling against the copyright holder may severely obstruct the thus far lucrative settlement business model, meaning that millions of dollars are at stake for these companies. Without a doubt, the trial is expected to set an important precedent for the future of mass-BitTorrent lawsuits in the U.S. One to watch for sure."

Hopefiully...

[neo8750]

They can defend against this and finally put an end to all the crazy lawsuits

Re:Hopefiully...

Until IPv6 arrives and all traffic could be traced back to the very device itself.

Still not 100% certain, but a lot more certain than IPv4..
Probably if IPv6 will be used more and more in the near future, and we will see this whole circus raise it's ugly head again...

Re:Hopefiully...

[marka63]

IPv6 will still only get you the residence. Privacy address are used by default for out going connections and are changed regularly by the OS. If you run a server then you advertise a service the you use the stable address in the DNS which is constructed from the MAC if using SLAAC.

The address tagged as temporary below will be different this time tomorrow and they are the ones your browser uses when it wants to talk to the world.

% ifconfig en1 inet6
en1: flags=8863 mtu 1500
        inet6 fe80::6233:4bff:fe01:7585%en1 prefixlen 64 scopeid 0x5
        inet6 fd92:7065:b8e::6233:4bff:fe01:7585 prefixlen 64 autoconf
        inet6 fd92:7065:b8e::9839:c2cc:8436:dd0b prefixlen 64 autoconf temporary
        inet6 2001:470:1f00:820:6233:4bff:fe01:7585 prefixlen 64 autoconf
        inet6 2001:470:1f00:820:2c19:2778:d2ee:a35b prefixlen 64 autoconf temporary
%

Responsibility?

[i_ate_god]

An IP address will identify a connection, that someone is responsible for.

There is plenty of cases of Person A committing a crime or getting into an accident, using something from Person B, and Person B getting into trouble as a result.

Re:Responsibility?

And if you support those laws, you're a piece of garbage.

Re:Responsibility?

if someone loans your car....and robs a bank......

Re:Responsibility?

[msauve]

"An IP address will identify a connection, that someone is responsible for."

Sure. The ISP is responsible for that IP address, and has bigger pockets than some individual subscriber - so why not go there? ISPs have fought long and hard to not be considered "common carriers," so that would be just desserts.

Re:Responsibility?

[firex726]

Which of course now they are actively trying to throttle and monitor traffic.

Re:Responsibility?

If you loan them your car then you're an accessory to the crime.

But with IP addresses having potential for being dynamically assigned, having a shared IP within a single household (external at least), and several other factors which could mean that the IP doesn't belong to a single individual at all. It's also possible to use various technology to mask or misuse other IP addresses to conceal your identity and potentially mislead this identification to such a point it's beyond invalid.

If your PC is a zombie and you have no knowledge of this, does it make you as guilty as lending your friend a car to committ a crime?
I don't think so, it's easier to show where neglect to cover your own ass was made in one instance, yet in another (for most general PC users) is not a crime. It's more an example if your car gets jacked and you're forced to drive to and from a bank robbery under duress.

I may have several devices in my home - can I vouch for every one of them for security to an absolute, or can I merely show I made sufficient effort to avoid being abused and be immune to prosecution..

IP Shm-IP.

Perhaps the telcom/BB provider should be the guilty party for allowing illegal activity to be allowed on their 'roads' in the first place.

But then my car can do 100mph, it doesn't mean I should drive that fast.

I don't think I have a point, I don't think I even have an IP.

Re:Responsibility?

[i_ate_god]

why?

negligence, in some cases, should be considered criminal.

Re:Responsibility?

[i_ate_god]

for the same reason that a car company won't get blamed when someone drunk drives, but the establishment serving the drinks (or in some jurisdictions, the bar tender) will be.

Re:Responsibility?

[mellon]

Right. If you leave your car's emergency brake off on a slope, and it rolls down and kills someone, you're responsible for that person's death. Of course, they'd have to prove that you were the one who parked the car badly. Now, what's the equivalent analogy for an open WiFi connection?

Re:Responsibility?

[ThatsMyNick]

But this is a civil lawsuit, not a criminal investigation.

Re:Responsibility?

[ThatsMyNick]

If you loan them your car then you're an accessory to the crime.

No you are not. If you knew that he is going to rob a bank and still loaned him the car, then you are an accessory (for obvious reasons).

Re:Responsibility?

[gpmanrpi]

Person B, generally, has to have known or should have known that something Person A was going to do with Person B's things would be used for a crime or something bad. On another note, I think you are confusing negligent entrustment theory into a copyright case. Without having reviewed the relevant case law, I find that to be a bit far fetched. Having a duty to run a secured WiFi, is a big leap, since it is not a legal requirement. You don't have to lock your door, or your car. In many states "war driving" is illegal, so that makes it unlikely that the person is going to be held liable for the criminal action of another as the basis.

Re:Responsibility?

[Riceballsan]

Really when it comes to cars, generally the way they cover themselves, is by knowing who is using their cars at all times. Lets say hypothetically a rental car was used in a crime, anything from a getaway car for a bank robbery, to running a red light with cameras. The police contact the rental car company and ask who was driving the car with the license plate at 7:30PM on monday. The rental car company shows their copy of the ID, the form of payment they took, etc... and the police move on to look for the actual crook. Forced entry into a car, the police will likely look at as a stolen car and whatever the crime is. A loaned car, they will probably ask you who you loaned it to and analyze it. Of course open wifi, is more akin to leaving the car on the street, door open keys in the ignition, that could be negligence. IMO it's a grey area depending on how the wifi was breached, but that's where it opens up the can of worms, wifi cracking usually leaves no trace. Distinguishing, open wifi, secured wifi used by authorized users, and broken secure wifi, is where the case lies, and IMO should be required to file the suit. IMO the RIAA should have to send a goon to the location, determine if there is wifi, if there is then determine if it is open. If the location has no or closed wifi, have to work with local police and have the police obtain a search warrent, and actually prove the files are on a machine in said house. The batch lawsuits of gathering 10,000+ IPs at a time and suing them all requiring the defendants to prove their innocence is an abomination to due process.

Now whether the laws should even exist in the first place, is a whole other matter. IMO no, but that is off the subject, the discussion isn't on whether the law is right or not, but on whether just sniffing trackers for IP addresses, is enough to fairly judge someone guilty. My view on that is absofrickinlutely not.

Re:Responsibility?

[Dan+East]

That's not a good example, because there should be physical evidence and witnesses of the person who committed the crime inside the bank. That is additional evidence and information that either reinforces or weakens the case against the car owner.

In this case, I think a better example is if you have a car that several family members and a few neighbors can use. You simply leave the keys in the car all the time so those people can use it at will. Late at night someone takes your car (it might be one of those "authorized" people, friends of those people that know about your car, or even a complete stranger that happened by), hits and kills a pedestrian, returns the car to your garage, and a camera at the crime scene recorded your license plate number. The ONLY evidence investigators have is your license plate number and nothing more.

No jury is going to convict someone of manslaughter based on that situation, because there is significant doubt of who was operating the vehicle. Is there liability in this case for the vehicle's owner? Certainly, but if a prosecutor goes all out, and attempts to get a murder charge, then the defendant would almost certainly be acquitted. The prosecutor would likely go after some other lesser "accessory" type of charge which would also have lesser burden of proof, and lesser penalties.

Where the vehicle owner would have the greatest legal jeopardy is in a civil wrongful death case. A jury would almost certainly find against the owner of the car.

In this case the prosecution is going all-out. The analogy is not just that the prosecution claims the owner of the car was the one operating it when a pedestrian was killed, but that the owner of the car went out and sought that specific person and ran them over.

Hopefully there will be enough jurors that think "you know, I have this Wifi thing at home too, and I don't fully understand it, nor can I KNOW that it is totally secured, so it could be ME right now on this list of defendants, because someone parked on the street near my house and downloaded music using my internet connection."

Re:Responsibility?

[Dan+East]

If you loan them your car then you're an accessory to the crime.

Only if the prosecution can prove the owner knew what they were going to use the car for.

Re:Responsibility?

[i_ate_god]

your router, your connection, your responsibility.

If you leave your wifi open, you do not suddenly become a common carrier yourself.

If you intentionally leave your wifi open, and someone uses that connection to commit a real crime with real consequences, then why should you, the owner of the router, not take some responsibility for it?

Now, that said, we have to look into the grey areas. Should a company be held responsible for an employee that uses their internet connection for bad things? What about a cafe with free wifi? I don't know.

but if I leave my personal home router open, and someone parks their car outside and starts exchanging child pornography, then yes, you can not 100% prove that it was me who transferred that child pornography, but you can say I enabled it by not taking the necessary steps of securing my wifi.

Re:Responsibility?

[dgatwood]

If you loan them your car then you're an accessory to the crime.

No, you aren't, or at least not in the U.S. You are only an accessory if it can be shown that you had actual knowledge that the person who borrowed your car intended to rob a bank. If someone asks to borrow my car and then, without my knowledge, uses it to rob a bank, I am not an accessory.

Similarly, you are only an accessory if you knew that loaning him or her your car would help him or her in committing that crime or evading capture in some way. If somebody tells me he or she is thinking about robbing a bank and then, in a separate conversation, asks to borrow my car to go get milk, I am not an accessory even if he or she then robs the bank using my car.

You have to have not only knowledge of the crime, but also intent to aid in the commission of the crime.

Re:Responsibility?

The Internet is meant to be open and free. You clearly oppose that because you believe that it's easier to adopt a Tough On Crime mentality than to do some actual police work. It's much easier to just throw your arms up and say "I don't know who did this, so we're punishing you!" than to accept that you can't get all the 'bad guys'.

If you intentionally leave your wifi open, and someone uses that connection to commit a real crime with real consequences, then why should you, the owner of the router, not take some responsibility for it?

If normal people can't get away with it, businesses shouldn't be able to, either.

Re:Responsibility?

Using someone else's WiFi seems to be much more akin to trespassing to me more than anything. If I leave my door unlocked so that a brilliant yet highly troubled assassin uses my house as a place to set up his gun and proceed to kill someone from. Am I responsible for the murder? Not really. Maybe (Criminal) Negligence could possibly be put on me if the murder would not have happened if I had locked my door, but that is a far cry from murder and would also be highly debatable to if me locking the door would have prevented it anyway . This is how I see IP addresses in relation to copyright infringement. While there is no way of telling who actually used the IP address to infringe on someone's copyrighted work, can you reasonably prove that the infringement would not have happened if the network was secured?

Re:Responsibility?

[shaitand]

Only intentional and willful negligence leading to the harm of actual people where the negligent party had reasonable cause to suspect that might happen. Creating the potential to hinder the copyright cartels and police state from positively identifying and tracking an individual and their actions is a far cry from harming real people.

There is no physical harm that directly results from the use of an internet connection. A killer could rig up some kind of click to kill site to a machine or something but I don't think that has a "reasonable" probability of happening.

Re:Responsibility?

[foniksonik]

So if I leave my car unlocked or even my keys in my car and someone comes along and uses it to rob a bank I should be partially responsible?

Doesn't pass the smell test.

If you swap out car for tank and robbing a bank for rampaging through San Diego then it looks more like criminal negligence.

I'm thinking a misdemeanor at most for leaving a wifi connection open. That's still stretching it.

Re:Responsibility?

[nerdfiles]

In cases like this, it seems like the Sorite's Paradox, or the problem of the heap. Does the law possess a flexible enough structure to tolerate indeterminacy? Is it a matter of the {kinds} of TCP traffic which may serve an "empirical criterion" function, like hair follicle or fingerprint, for determining identity? An IP address alone says nothing, indeed, and what's more, one doesn't simply have an IP address but a wealth metadata (hypermedia application data) that shapes, or frames, how one should interpret what that IP means. Investigators will define an IP, it seems, using a scope of relevant TCP traffic.

Re:Responsibility?

[Drishmung]

With reference to gp, to whom you were responding. You need a license to drive a car (and registration). Not to operate a PC.

While YOU certainly know how to secure a router, not everyone does. Anyone, even someone with no tech knowledge (no license required to drive the Internet) can go to the store and buy a WiFi router. Which they set up. And maybe it tells them how to secure it and maybe it doesn't. If they don't, someone can drive by and steal their connection. They can abuse copyright (a civil matter) or download child pornography (felony, so proof beyond reasonable doubt is required).

In any case, who is to blame? The person that didn't secure their router? The store that sold them the gear they didn't secure? The manufacturer that didn't make equipment that had to be secured by default?

More analogy: you leave your door open and someone walks in and downloads pr0n using your router. Is it your fault? You shut your door, which they open and etc. Still your fault? You lock they door but they pick the lock. Still your fault? You barricade the door and triple lock it with three different brands of lock. They enter through the window. Still your fault?

I see what you mean about taking some responsibility, but from a legal point of view (remember, there is no right, no wrong, there is only the Law) what do we want the Law to be?

Re:Responsibility?

[sjames]

The prosecution would have to prove that you loaned them the car knowing they intended to rob the bank. Otherwise you are just another victim.

Re:Responsibility?

[mark-t]

No... more like if you leave an open suitcase of cash on your front lawn while you go out (assuming there is no wind), where anybody walking by can see it, and make absolutely no effort to secure any of it inside your own home, then you should bear some responsibility for the fact that when you come back after a few hours, it's not all going to be there.... even though other people broke the law by stealing your property, you were still negligent in how you managed it. If that money was not ever actually yours, but belonged to somebody else, then you could reasonably be legally held liable for any that was missing.

Re:Responsibility?

[mark-t]

There is no physical harm caused in counterfeiting currency either.

Just sayin'.

Re:Responsibility?

Stop "sayin'" and start thinkin'.

Re:Responsibility?

[bonehead]

If you intentionally leave your wifi open, and someone uses that connection to commit a real crime with real consequences, then why should you, the owner of the router, not take some responsibility for it?

Why should I take any responsibility for it? The person committing the crime is the one responsible. Not just for the "primary" crime, but also for the crime of ILLEGALLY using my wifi connection.

And if I had secured my router, they would have just gone down the street to McDonald's and grabbed some free WiFi there.

If some douchebag steals my shit, that makes me the victim, not the criminal.

Re:Responsibility?

[bonehead]

So how is McDonald's not legally liable for anything and everything somebody does while on their open, free, unauthenticated WiFi network?

Re:Responsibility?

[CodeBuster]

so that makes it unlikely that the person is going to be held liable for the criminal action of another as the basis.

Why take a chance on that? Secure your network or else pay someone else to do it for you, preferably through a registered business, and save the receipt.

Re:Responsibility?

[bonehead]

Forced entry into a car, the police will likely look at as a stolen car and whatever the crime is.

And today's lesson, kids: Next time you rob a bank, throw a brick through your car window!

Plausible deniability. Good enough for presidents, good enough for us.

Re:Responsibility?

[mark-t]

They would be... if it happened often enough to be noticed. That doesn't seem to be the case so far, however. Probably because (most) people who use McDonald's free wifi don't generally stay there for hours and hours to surf the 'net. The general case is that people are usually there to get food, and may only browse online while they are eating there. When they are done, they get up and leave. Not a whole lot of time for crime committing, overall. Of course exceptions to this can and certainly do happen, but my point is that such exceptions *ARE* just that... exceptions.

In general, the only way to really avoid liability is through common carrier status

Re:Responsibility?

[AK+Marc]

Most routers sold today come secured. You have to take great effort to unsecure them. So that turns the argument around, doesn't it?

Re:Responsibility?

[Aryden]

And if you read the articles, Holle admitted to police that the men told him prior to loaning them the car, that they were going to commit a robbery AND may have to knock out Jessica Snyder. He claims he thought they were joking, but lent them the car anyway.

Re:Responsibility?

[Aryden]

Most routers these days come secured in the box, if you wish for additional hardening, then you can do it or pay for it, it still doesn't mean that it can't be gotten into. If someone steals your car and commits a crime with it, you are not responsible.

Re:Responsibility?

[dcollins117]

Of course open wifi, is more akin to leaving the car on the street, door open keys in the ignition, that could be negligence.

How can open internet connections in any way be considered negligent? It's fundamental to the business plan of any internet cafe. Equally as important as selling coffee that cost 15 cents to brew for 5 dollars. And btw, my local library also offers it as a public service. For free

Re:Responsibility?

[spire3661]

Leaving an Open Wifi is only negligence in a police state.

Re:Responsibility?

[ThatsMyNick]

It does not.

Re:Responsibility?

[camperdave]

Most routers sold today come secured. You have to take great effort to unsecure them. So that turns the argument around, doesn't it?

Not in the least. Routers sold today may be secure, but that doesn't make the one bought ten years ago secure. Also most != all.

Re:Responsibility?

[CodeBuster]

it still doesn't mean that it can't be gotten into

It would require either breaking AES or physical access to the router for an extended period of time. Neither is likely in any case because the potential value of an additional cracked wireless network is too low to justify such extreme measures; especially considering how many wifi networks remain completely unsecured, knowingly or otherwise.

Re:Responsibility?

[Zalbik]

I'm sorry, I don't understand....could you provide a car analogy?

oh wait, nevermind....

Re:Responsibility?

[bzipitidoo]

Your analogies are poor. An open suitcase full of money? Data is not like money. Money is scarce, data isn't. That's one way in which your analogy breaks down.

While the court's question is of some technical interest, it is mostly beside the point. Often an IP address can be connected to an account. Whether the use of an account on a particular occasion can be definitely tied to a person is more of a problem. Some would love to sidestep that latter question by just making the account holder liable regardless. Which means we would all be burdened with the job of policing our own Internet connections. It's no trivial matter. Have you thought about how big a burden such a requirement would impose on us all? It wouldn't stop with Internet access. For example, if you buy a few acres in the country somewhere, you would at the least have to set up surveillance to catch any criminals who happen to trespass on your property, even if the crime they're committing has nothing to do with you. Don't be so eager to ask for that kind of responsibility.

But as I said, that's all a side issue. The main issue here is whether sharing should be criminalized so that copyright can maybe function. Would that make copyright work? We already know the answer to that one: No. Even if it did enable copyright to function as intended, do we want this? In other words, is copyright a bigger public good than sharing? Again, no.

Re:Responsibility?

Yep.

A one street address or phone number can be connected to one person or one company with a dozens of employees.

Only thing what you get from street address or phone number, is that who got it. A family father of 13 kids, wife and two dogs, or CEO in 20 employee company.

So, who is responsible to download that god damn expensive MP3 worth of $150 000 in soundtrack!!!!!

Of course the father and the CEO!!!!

Re:Responsibility?

[hawkinspeter]

Bad analogy time; that's like leaving a box of firewood on your front lawn with a sign saying "Free wood - help yourself" and someone using one of those logs to club someone else. Should you be responsible for assault?

What should happen is that you punish the person who committed the crime. If the police can't find out who did it, they can't just go after a supplier of an otherwise inocent object/service.

What would you think if the police came round and demanded that you put proper security in place for tracking which people took which logs of wood? You'd think they were being stupid and trying to get you to do their job.

Re:Responsibility?

[chrismcb]

In nashville you could be, since it is illegal to leave your keys in your car.

Re:Responsibility?

[kthreadd]

Not only that but "securing" a wireless network doesn't actually guarantee that it is secure. Wireless network security has been cracked over and over, and even if it is "secure" the user has chosen a bad pass phrase.

Re:Responsibility?

So you not going to take into account the possibility of traffic that the user is not aware of? viruses, botnets, and rootkits, (unknowingly) unsecured wifi, hidden proxies, VLAN, and other similar technologies. Many computer users have no idea what these are.
If someone were to set up one of them on the offenders computer without their knowledge, or even with their knowledge but with poor explanations of what the technology allows, or the user just forgot to disable the technology, or they got hacked shouldn't be taken into consideration? Under your logic if I were to somehow install a back door onto your system, then hacked a bank and stole a large sum of money using your connection, you should be responsible? After all you were responsible for the connection. And to make things worse it's not even hard for me to hide the traces of said computer hijack. On top of all of that I can encrypt my connect making it even nearly impossible to prove that the connection was not yours.
Now if there were a way to somehow prove that the connection was not hijacked then it's a different issue. But that would require that your computer be seized, and if I hid my traces then even that wouldn't prove anything. Then there is the issue of what if you have sensitive data on your computer that if lost or you didn't have access to for a period of time would result in losses to you.
Even if they managed to prove all of that, there is technologies like the TOR network, that basically shares your connection anonymously with others. What about internet cafe's, where the network is openly shared? What if you hold a LAN party and someone downloads something? Should you be responsible for others activities on your openly shared network?
The simple fact is that there is no way to with 100% accuracy prove that activity on a connection is the connection owners.

To make things worse, it's not always easy to tell if the download you are downloading is illegal or not, it's not like pirated content states flat out that the content is pirated, heck in many cases the copyright isn't even included with the download. To compound this, some sites mix legal downloads with illegal downloads, and give no way to differentiate which is which. And with technologies like bit-torrent where you pretty much have to share the file while you download it, you can even be accused of sharing a file where you had no idea that the contents were copyrighted.
And with mass lawsuits this gets worse. Because, it becomes more of a scare tactic than a actual suit.

Now I'm not saying that copyright holders shouldn't be reimbursed for their works. I'm just saying that the aggressive approach has a lot of holes.
What's more there are many alternative business models that have been equally effective and in some cases more effective that didn't require the aggressive sue happy approach, and many of these models the actual content is distributed for free. You can even make money off open source. I'm not saying that these should be mandatory, i'm just saying the public looks at them in a better light because no one likes being in court, except maybe a lawyer.

Re:Responsibility?

[shentino]

An oppressive law that imposes strict liability and holds you criminally responsible for everything that comes out of your computer, and deliberatley doesn't give a shit if someone else did it.

Considering that it will hamper free speech I see it happening anyway just to make it easier for the elite to control things.

Re:Responsibility?

[shentino]

Saying "I don't give a shit who did it, it came from your internet" is a powerful motivator for people to clamp down out of fear.

And that suits the authorities just fine. They don't want upstart outspoken free speech yahoos providing TOR exit nodes anyway. They WANT you to help them censor things, and if they can make you do it by holding you responsible for other people's crimes just because they borrowed your internet to do it they will.

And learn your place you dirty fucking peasant...because businesses are in charge and they get things you don't. So suck it up.

I am of course being sarcastic on the last one, but cracking down on people that only provided the internet connection is not entirely based on ignorance. Many don't care, and are happy to force you to do their work for them.

Re:Responsibility?

[shentino]

Simple. The government can damn well decide that it's illegal to leave your car unlocked and hold you responsible for the bank robbery because hey, they don't really like you leaving your car unlocked anyway.

Re:Responsibility?

You're still not going to be blamed for the fact that someone used that money to buy drugs, though.

It's not using a open access point that's illegal (it may be if it was unintentionally left open, but that's not a given), it's the files the connection was used to download.

Re:Responsibility?

[shaitand]

Yup. So I wouldn't support CRIMINAL negligence charges against someone who failed to inquire with interpol regarding the counterfeiting record of someone before loaning them a printing press.

I'm not saying that nothing that fails to cause physical damage to a person is a crime. I'm saying that negligence shouldn't be considered criminal unless it is intentional and leads to physical harm.

Person trips and falls on stairs, landlord didn't check stairs for safety in recent history. Negligence but not criminal. Same scenario but landlord had been notified the stairs were dangerous and wanted to wait an extra month so he could get the tax break on the next year. Negligence should definitely be criminal.

Leaving your wifi unsecured may be stupid and arguably negligent (although I see nothing wrong with providing free unsecured wifi) but there is nothing criminal there. There might be room for civil liability if someone used his connection to deface a website for instance, but even that is questionable. Anyone providing open wifi is acting as a common carrier. There is no justification for giving this status to corporate profiteers selling connectivity and not give it to private citizens generously providing the same to others for free.

Re:Responsibility?

I have 7 years of age WIFI router, it works for me. I am sorry break it to you, i am not going to buy another router. Why bother? It works for me NOW!
Unless YOU personally are willng to buy a new one.

Re:Responsibility?

[shaitand]

Sharing WIFI is not criminal negligence. If a profiteering corporation sells internet connectivity it is afforded protection as a common carrier. Why should a private individual kindly doing the same out of generosity and not profit motive not be afforded the same protection?

This is no different than sharing any resource. If I have a chainsaw and I leave it by the front door with a sign that says it is open to community borrowing; my generosity shouldn't cost me legal responsibility if a neighbor borrows it and uses it to kill his wife.

Bottom line, being frustrated because it is difficult to positively identify the criminal does not make it okay to prosecute someone tangentially related to some tool used in the commission of the crime simply because they are easy to identify.

Re:Responsibility?

[AmiMoJo]

If the location has no or closed wifi, have to work with local police and have the police obtain a search warrent

Involve the police and get a search warrant for copyright infringement? That's rather extreme if you ask me. It is a civil matter, if they can't prove it then that's too bad for them and doesn't give them the right to start invading people's privacy or acting like they are potential criminals.

Re:Responsibility?

[Riceballsan]

I agree, I also don't think that the police will be likely to jump up and down at the request unless the IAAs start pouring money into the police departments. I'm just trying to come up with a minimum possible to actually give a chance for enforcement that actually fairly captures infringers. I honestly don't imagine even imagine the RIAA actually bothering to jump through those steps, the number of infringers out there, if they actually have to take the time to investigate rather than take a spray and pray approach of collecting thousands of IPs and sending out a mass mailed court invite, it wouldn't even come close to being worth theirs or the police departments time. Catching say 500 of the millions upon millions of infringers a year, does not seem likely that they will follow through.

Re:Responsibility?

[Riceballsan]

it isn't uncommon of a tactic in crime from what I hear, people will intentionally report their car stolen, before loaning it to a friend to do something that they expect the car to be tracked to.

Re:Responsibility?

[dnahelicase]

but if I leave my personal home router open, and someone parks their car outside and starts exchanging child pornography, then yes, you can not 100% prove that it was me who transferred that child pornography, but you can say I enabled it by not taking the necessary steps of securing my wifi.

No. Just no.

If I use your water, from your unsecured hose spicket, to flood your neighbors basement, does that make you negligent?

Since you went right away to child porn, what if I use that water do waterboard children? Or pour it on the street in below freezing temperatures? When will you start securing it?

What if I do have security on my home wifi, but it's weak WEP with a poor password? Am I still negligent when my security isn't good enough?

No matter how you cut it, unsecured wifi does not = enabling crime!

Re:Responsibility?

[steveaustin1971]

But this is copyright law. If a person has not knowingly infringed the case is out the window.

Re:Responsibility?

This is why criminals get caught.
They half ass everything, even their alibis.
If you're going to pretend your car was stolen, you should actually steal it, and do everything you would do if you stole someone else's car.
And don't forget to actually report it stolen, otherwise the whole exercise is pointless.

Re:Responsibility?

This is a terrible analogy (but then, they all are). Your argument would be better put:

You left an open suitcase of cash on your front lawn and, if someone takes the money and uses it for something illegal (purchasing drugs, for instance) then you should be held liable.

Because the case in question is *not* whether it is wrong to connect to the open WiFi connection (e.g., take the suitcase of cash) but whether the person who provided the access point (cash) is responsible for all illegal activities that make use of it, regardless of whether or not that person himself performed those activities.

Re:Responsibility?

This assumes that I care about the money all being there when I get back.
Maybe the reason I left a suitcase full of money in the front yard was so people who need some could take it without having to ask.

Re:Responsibility?

[kelemvor4]

The batch lawsuits of gathering 10,000+ IPs at a time and suing them all requiring the defendants to prove their innocence is an abomination to due process.

This is what I would call the real crime here. Even if the defendants supposedly did commit some kind of "virtual" theft it is small potatoes to what has been done to our judicial system.

Re:Responsibility?

[Hatta]

You assume wifi can only be used for ill. Leaving your wifi open is on the whole a public service. You will help more people than will be harmed by bad behavior. You shouldn't even get a ticket, you should get an award for leaving your wifi open.

Re:Responsibility?

[kelemvor4]

And btw, my local library also offers it as a public service. For free

My library offers wireless internet as well. They do however require you to have a free login and password to uniquely identify you and employ a firewall to block stuff that could pose a problem. Easy solution.

Re:Responsibility?

[mark-t]

Uh.... if somebody takes the money, then they've *already* done something illegal. Full stop, right there. They took something that didn't belong to them. Let's say the money didn't actually belong to you, but was your responsibility. You wouldn't be guilty of stealing that money, but you'd still be held accountable for the part you played in the fact that any was missing. Whether the money is, in turn, used for any illegal activities is entirely irrelevant to the analogy I was making.

Re:Responsibility?

[kelemvor4]

If you intentionally leave your wifi open, and someone uses that connection to commit a real crime with real consequences, then why should you, the owner of the router, not take some responsibility for it?

For the same reason your local government isn't held liable if someone uses a city street to commit a crime, it doesn't make sense. Being kind to others is not a crime (yet).

Re:Responsibility?

[mark-t]

I think you missed my point. The post to which I responded appeared to advocate that merely because something does not cause any actual harm to any person ought to apparently be sufficient reason for the activity to not be criminal.

Counterfeiting causes absolutely no physical harm to anybody. However, it is most definitely a very serious crime. That the counterfeiter may have borrowed the printing press from somebody else is irrelevant.

But for what it's worth, if you are trying to draw this closer to the idea of having an unsecured wifi, it's worth noting that lending a very high fidelity printing press to somebody who then proceeded to use it to counterfeit money *COULD* very easily make the lender guilty of criminal negligence if they had deliberately made a decision to allow anybody to freely use their press without bothering to keep records of who they lent it to. The negligence wouldn't be in the lending itself, however, the negligence in such a case would be in the not keeping track of who was using it, making it impossible for you to assist the police if they should trace the committing of a crime to your property. It might be up to a jury to decide whether you should be held criminally liable for that negligence, however.

Re:Responsibility?

[JesseMcDonald]

No... more like if you leave an open suitcase of cash on your front lawn while you go out (assuming there is no wind), where anybody walking by can see it, and make absolutely no effort to secure any of it inside your own home, then you should bear some responsibility for the fact that when you come back after a few hours, it's not all going to be there.... even though other people broke the law by stealing your property, you were still negligent in how you managed it.

Negligent or not, it's still your property, and you still have the right to get it back and to punish those who stole it. You'll just have a harder time convincing anyone to help you.

Now, if someone was so foolish as to try to prevent you from recovering your property on your own (as governments routinely do), then they would be taking on the responsibility to do so in your stead, to the best of your ability, no matter how negligent you may have been. To do otherwise would be to actively assist the thief in getting away with your property, and thus become an accessory to the crime.

Re:Responsibility?

[Aqualung812]

Sure, if I leave money out in the open, I can't be mad if someone takes it.
If I leave my WiFi open, I can't be mad if someone uses it.

HOWEVER:
If I leave money out, and someone buys drugs with it, it is NOT my fault that THEY bought drugs.
By the same token, if I leave my WiFi open, and someone does something illegal on the Internet using my connection, it is NOT my fault that they did someone illegal!

Re:Responsibility?

[rtb61]

Computers of the typical user have been hacked over and over and over again, millions of them, formed into bot-nets. No amateur computer user with their bog default windows install hooked onto the internet via a broadband modem can keep it secure, just a matter of random dumb luck that they are not hacked at any particular time.

ISP records, the value of ISP records themselves have to be called into question. It is a system largely to control billing in the 20 dollars per month category, what would the ISP's responce be if they were required by the court to warrant the accuracy of their information to the tune of say 1 million dollars per in-accurate IP/time/date stamp. Courts are attempting to use circumstantial evidence from an validated source, of questionable quality.

In the car analogy, there was no record of the cars presence, the was not even a record of a cars registration plate, all there was were the claims by an agency about the digital representation of a number plate and who gets paid per claim and evidence from another group about where the digital representation maybe might have been subject to that group being totally free of any consequence with regards to the quality of the information provide.

Re:Responsibility?

[trdrstv]

An IP address will identify a connection, that someone is responsible for.

There is plenty of cases of Person A committing a crime or getting into an accident, using something from Person B, and Person B getting into trouble as a result.

So you're saying if I loan my car to a friend and he accidentally hits and kills someone with it, then I'm being negligent and an accessory to their death ?

Re:Responsibility?

assuming businesses are people too

Re:Responsibility?

[HeckRuler]

your router, your connection, your responsibility.

If you leave your wifi open, you do not suddenly become a common carrier yourself.
...
What about a cafe with free wifi? I don't know.

Whoa! Whoa there.
What kind of double-standard bullshit is this? A business offers free wifi and you "just don't know"? But if an individual offers free wifi, then it's all liability, responsibility, and child porn?
I understand the argument that the owner of a connection should be liable for that connection. I don't particularly agree. But this sort of double-standard where the masses get the full brunt of the law shoved down their throat but somehow when you tack on "LLC" to the defendant then there's a perfectly understandable grey area of plausible deniability and understandable limitations... It just kinda pisses me off, you know? If you're going to have bullshit rules you could at least apply them to everybody.

Re:Responsibility?

The Internet is meant to be open and free. You clearly oppose that because you believe that it's easier to adopt a Tough On Crime mentality than to do some actual police work. It's much easier to just throw your arms up and say "I don't know who did this, so we're punishing you!" than to accept that you can't get all the 'bad guys'.

If you intentionally leave your wifi open, and someone uses that connection to commit a real crime with real consequences, then why should you, the owner of the router, not take some responsibility for it?

If normal people can't get away with it, businesses shouldn't be able to, either.

What is required to become an ISP? It seems to me that we should all file paperwork to become ISP's, therefore we are not responsible.

Re:Responsibility?

[orgelspieler]

Yeah, I think GP was probably the worst analogy I've ever read on this site. Much better analogy would be leaving your house unlocked and somebody using your home during the day as their home base for some illegal activity. I'm pretty sure there already some jurisdictions where if criminal activity takes place on your property, you bear some responsibility. They might have to show that you knowingly permitted and/or benefited from the activity, though. I can't recall, and googling for illegal activities at work is a Bad Idea (TM). Obviously this can't be widespread, or else just about every hotel would be in big trouble. Shoot, renters and apartment complexes would even be at risk.

Re:Responsibility?

[orgelspieler]

I got a ticket for running a red-light in Canada because the rental car was still in my name. Never mind the fact that I'd already returned to the US. The guy relieving me never went to the rental office to fill out the papers. My company paid for it, but it still pissed me off.

Re:Responsibility?

what if some one hacks your wifi, are you still responsible?

Re:Responsibility?

[zlives]

you mean people came by and photo copied your money and left the original where it was... why would that be a crime

Re:Responsibility?

Don't take this the wrong way, but seriously, go fuck yourself.

Re:Responsibility?

Why shouldn't your ISP? ( as has been said above), with open wifi, why can't you claim common carrier status? I can't practically keep my wifi open to guests if I also have to monitor traffic any more than an ISP can practically operate if it must monitor traffic. Another thing is that most Wifi network passwords are weak. Password crackers exist that can get you into most 'secured' wifi networks in a matter of minutes/hours.

Re:Responsibility?

[GargamelSpaceman]

YES!

Re:Responsibility?

Close, but still suffers from the same "...except it doesn't require any kind of specialized knowledge or tools to do it" flaw that most analogies about wireless security seem to have. Because really, I know this is Slashdot and we're all experts on everything, but if you go up to the hotdog vendor on the street and ask him about sniffing wireless traffic he'll tell you that wifi doesn't have any smell and that electric cars don't need power cables to run.

The suitcase is closed and has a sticker on it saying "fragile", suggesting that it may contain valuables (like how any wireless network may route traffic containing sensitive data). It has a keyed lock (the average person thinks a wireless network is safe to use) but in fact all you have to do is turn the outer ring to unlock it (false sense of security) and a mere paperclip or screwdriver will do the job (can find sniffing software everywhere).

Once you learn about the flaw you upgrade to a suitcase with a 4-digit combination lock (WEP security), but then someone found a flaw in the design and now it's about as effective as a 2-digit lock: still takes time to crack the code but not much at all.

Because of this most stores try to phase out that suitcase, suggesting to you that you buy ones requiring a real key (WPA/2) instead. However if you look you'll still find the old suitcases at the bottom of the pile, or back of the shelf, or in storage in the back room (WPA/2 is the default option but WEP is probably still included in the list). And until someone makes a skeleton key (cracker) or finds a flaw in the design (insecure algorithm) you'll feel safe with your new suitcase for a while longer.

Re:Responsibility?

Or someone's hacked the router. Or it was left open because you're fine with other people using it. Or someone used an IP spoofer.

So what you're saying, is that if someone steals my car and kills someone with it, I should go to jail? Or if I have say... an air hose for people to fill up their tires, because I'm nice like that or something, and someone uses that hose to strangle someone, I should be the one imprisoned? Or if I accidentally left a potted plant in front of my house, and someone sneaks onto my property, takes it, and bludgeons someone to death with it, that death is directly my fault, because I was responsible? I should have actively bolted down or chained the plant to the steps (but not too long of a chain... someone could strangle someone else with that chain when I'm not home, and I'd be responsible for another murder).

In a nutshell, anything that I own, whether I leave it out for others to use, or it's left out accidentally, or it's stolen, I'm responsible for any and all illegal things done with it?

Mental note: never buy a car, just steal them. Then I can run as many red lights as I want, run down as many pedestrians, and the police won't bother going after me, but arrest the guy who's car I stole. SWEET!

Yes, this seems reasonable.

Re:Responsibility?

[mellon]

It's funny that you are so sure that you are liable if you leave your router open, but you are not as sure if it's a company and the company's employee misuses their internet connection. What is the distinction between these two cases that is so clear to you? I don't see it. Why is an Internet cafe different, for that matter?

If I didn't know better, I'd say you worked for a cable company or something, and were trying to discourage WiFi sharing.

Re:Responsibility?

Any statement starting with "most" needs to cite it's sources or stop talking.

Re:Responsibility?

[AK+Marc]

www.linksys.com. Try google sometime. I haven't seen one in the past 5 years that didn't come with a PSK security enabled with the key on a sheet of paper or a sticker on the box, or some "connect/secure" button..

Re:Responsibility?

your router, your connection, your responsibility.

If you leave your wifi open, you do not suddenly become a common carrier yourself.

If you intentionally leave your wifi open, and someone uses that connection to commit a real crime with real consequences, then why should you, the owner of the router, not take some responsibility for it?

Now, that said, we have to look into the grey areas. Should a company be held responsible for an employee that uses their internet connection for bad things? What about a cafe with free wifi? I don't know.

but if I leave my personal home router open, and someone parks their car outside and starts exchanging child pornography, then yes, you can not 100% prove that it was me who transferred that child pornography, but you can say I enabled it by not taking the necessary steps of securing my wifi.

Interesting - so then if I'm in an area of a city with public Wi-Fi (Portland, OR, had partially done it I thought) and I use said Wi-Fi to download child pornography, the city is liable? And if I walk into, say, my local Starbucks coffee shop and use their Wi-Fi to download music illegally, they are liable for it?

Say goodbye to any 'free' wireless network access, no company would keep it running if they are liable for whatever their users do.

Re:Responsibility?

So how is McDonald's not legally liable for anything and everything somebody does while on their open, free, unauthenticated WiFi network?

They are a large corporation with big deep 'pockets'... the RIAA/MPAA, etc, wouldn't want to sue them because both sides would spend a fortune on lawyers, and end up with some meaningless settlement. It's far easier to 'threaten' the little guy making $10/hr and extort him for money with the threat of a lawsuit.

Re:Responsibility?

But for what it's worth, if you are trying to draw this closer to the idea of having an unsecured wifi, it's worth noting that lending a very high fidelity printing press to somebody who then proceeded to use it to counterfeit money *COULD* very easily make the lender guilty of criminal negligence if they had deliberately made a decision to allow anybody to freely use their press without bothering to keep records of who they lent it to. The negligence wouldn't be in the lending itself, however, the negligence in such a case would be in the not keeping track of who was using it, making it impossible for you to assist the police if they should trace the committing of a crime to your property. It might be up to a jury to decide whether you should be held criminally liable for that negligence, however.

Please point me to the law that says I am responsible for keeping a record of who is using my printing press, or a law that lists what things I am required to do in order to 'assist' the police in doing their job.

Re:Responsibility?

And btw, my local library also offers it as a public service. For free

My library offers wireless internet as well. They do however require you to have a free login and password to uniquely identify you and employ a firewall to block stuff that could pose a problem. Easy solution.

Now the local library needs an IT person to manage the firewall and the password system, adding to their budget which is already threatened by budget cuts. May as well just close the library then, solves all the 'problems' right?

Re:Responsibility?

[pantaril]

I'm thinking a misdemeanor at most for leaving a wifi connection open. That's still stretching it.

Even this is too much. Making open wifi should'n be prosecuted at all, on the opossite, it should be encouraged. Building communication infrastructure is good think. Think of the possibilities (ad hoc mesh networks, better routing protocols etc.)

Prosecuting providers of open internet access for crimes commited using their networks is in my opinion similary stupid like prosecuting road construction companies for every stolen car which use their road.

Re:Responsibility?

[mark-t]

First of all, criminal negligence cannot ever even apply unless an actual crime (something which is specifically against the law) has actually happened. The whole point of such a classification is that there aren't really any laws prohibiting it, because you can't exhaustively cover every single case. You can, however, still ascertain in a courtroom, after the fact, whether or not it would have been reasonable to expect somebody to have done something which would have prevented the crime from occurring, or the perpetrator of the crime escaping justice (operative word there being reasonable). Again, however, this would be something for a jury to decide. If you believe that deliberately deciding to be ignorant of things that could actually be in your own best interests (since not keeping track of who is using your equipment would prevent you from holding the user of it accountable to you for any wear and tear that occurs as a consequence of their use) is reasonable... if it should ever come down to you facing such an issue, then you're more than welcome to try and use that defense in a courtroom and see if it flies.

Re:Responsibility?

[scotjam]

There's trouble (a parking ticket with a $100 fine) and then there's trouble

The burden of proof for the latter (or any other life-ruining penalty) should be much higher. This is not proportionate, even if it is proven that she did it herself.

Blaming her for negligence doesn't make sense. IANAL, but poor / no security (e.g. a failure to encrypt an internet connection or encrypting it with WEP, leaving a car unlocked that is subsequently used to commit a crime etc.) is not an act of negligence that should result in penalties such as these in any rational legal system.

If anyone disagrees, can they please represent me against Sony for exposing my credit card details (as part of the PSN hack)?

Re:Responsibility?

bullshit, that's based on fear. until ze law makes me do it all my connections are open and anyone can access my wi-fi, i don't see why not

Re:Responsibility?

[Cedarbridge]

I thought you were onto something and then you went straight off the rails. If you are actively setting up outlets for people to do something that is illegal (even if you don't like the idea that it is illegal) then the police don't even have to think of it as a fear generation issue. From that point forward it is only a crime control issue. Somebody (they may not know who) is committing a crime, you are enabling that crime. That is what makes you culpable. Unless you're going for the "people are afraid because they might get arrested" thing which is stupidly reductionist when you realize that the whole body of crime prevention is based on the idea of not wanting to get arrested.

Re:IPs parallel the discoverable world

[eqisow]

People can share IP addresses, but only twins share DNA?

An account holder is responsible for all traffic

That is the ultimate ruling that will result from this. Don't delude yourself into thinking it will end any other way.

i'm from PA

oh god i sure as hell hope my VPN provider doesn't respnd to legal threats.

wait, was i even connected?

oh god

Re:IPs parallel the discoverable world

[pwizard2]

Faulty analogy. I could temporarily use your internet connection to download something if you leave your wifi unsecured (or inadequately secured... for those who still use WEP). I can't hijack your body and use it to commit a crime that can be traced back to you through DNA evidence.

Re:IPs parallel the discoverable world

[bonehead]

From the comfort of my living room I can connect to no fewer than 6 access points that don't belong to me. 2 more if I wanted to take 5 minutes to crack a few WEP passwords. If I had a mind to I could use them to download movies, music. If I really wanted to cause trouble there are plenty of worse things I could do.

There would be absolutely no way to trace that activity back to me, and the people taking the blame would be guilty of no other crime than not understanding how networks operate.

Spoofing another person's DNA would be *slightly* more challenging.

Re:IPs parallel the discoverable world

Your DNA can get nearly anywhere very easily. If you get unlucky, you could be framed for a crime or at least it will appear that you did the crime.

DNA isn't as accurate as some make it out to be.

It can help.

[TheLink]

An IP address can _help_ positively identify a person.
It can definitely negatively identify a person - if the public IP is different it wasn't you doing it (assuming you weren't using that public IP :) ).

If the download was made by the IP of your internet connection at that time, then it's evidence that something using your connection was doing the downloading. If they find other corroborating evidence that it's you - e.g. the downloaded file is on your computer, in your personal folders, shows up in your download history, the computer is not normally shared, there's no malware or remote control software, then it's likely to be downloaded by you.

But an IP sure isn't sufficient alone in itself. The **AA probably want it to be like a car license plate in certain countries - where if a camera takes a picture of a car breaking a traffic speed limit, that has the same plate as your car, looks like your car, then they expect you to either pay the (usually smaller) fine or identify the person responsible so that they can do it. Or challenge it in court and pay the full fine.

However in this case they want huge fines and the fines to go to them ;).

Re:It can help.

[SQLGuru]

So, what about this:

I can change my IP address to anything I want. Sure, if it's in use, there will be collisions and what not, but if I get lucky, it's unused. But from the standpoint of the argument, which IP address does my ISP think I have? The one I got via DHCP from their servers? Or the one I manually set (assume it's still one of the ISPs pool of numbers and I got lucky with one that was currently free). Also assume my MAC address is spoofed to BEEFCAKE or what have you.

Re:It can help.

[fnj]

It can definitely negatively identify a person - if the public IP is different it wasn't you doing it (assuming you weren't using that public IP :) ).

So in other words, really it CAN'T negatively identify a person. There is nothing to say John didn't visit Harry and use Harry's router to download. It can't positively identify, and it can't negatively identify. It can't identify SHIT. Not by itself.

Exactly like you said, it is merely a piece of evidence which MAY, combined with other evidence, combine to accumulate evidence against you.

Re:It can help.

[Drishmung]

It depends on the ISP and how you connect, but in many cases the ISP will enable configuration so that if you try and use an IP address other than the one they gave you it will fail. This if for no other reason that a compromised or busted device sending promiscuous ARP with bogus addresses acts as a denial of service attack. See this cisco document for how this works on some equipment.

Re:It can help.

[mark-t]

I'd place not insubstantial odds that your ISP isn't going to accept data from you at all if you change your IP address to one that doesn't actually belong to you.

Re:It can help.

A Court deciding because your property was used in the commission of a crime is legal farce; beyond a reasonable doubt is the standard of proof, not guilty until proven innocent. The only reason states get away with this is because, even after higher district courts rule against them, most of the fines given are for smaller dollar amounts; $50, $100, $20, etc. Start ramping it up towards $250, $500, $1000 like some states have, yeah. The truth there is Cops have been shot for less guys.

This entire debate is a farce; the fact is with 100+ year copyright the public has no incentive to participate in copyright and thus breaks copyright willfully. We are, today, creating as much culture as we are forgetting.

All I know is if the **AA came after me, I wouldn't go to court. If you're going to ruin my life, I am going to ruin yours; that's the way the world works.

Re:It can help.

[nabsltd]

It depends on the ISP and how you connect, but in many cases the ISP will enable configuration so that if you try and use an IP address other than the one they gave you it will fail.

Yeah, I've got a /29 routed to me, but since I only pay for 5 of the 8 IPs, that's all I can use. But, nobody can use the other 3, either. I've been meaning to contact my ISP and see if they can give me a deal on the other 3 because of this.

Re:It can help.

Become tier 1/tier 2 network and there will be many ISPs that will accept whatever address you have added to your BGP announcement.

Re:It can help.

DOCSIS is a little different than your ethernet LAN and this won't work in any of the networks that I've been involved in.

Re:It can help.

Try changing your IP address. It most certainly will not work. (If you were the type that had access to a network that you could do this I would expect far more sophisticated understanding of IP networking). You can't change your IP address for a bunch of reasons so this whole thing is academic. But let's say you could. In that parallel universe it doesn't change the fact that the physical port to your CPE is easily traceable from the packets coming from it. If packets with a MAC of BEEFCAKE are in the broadcast domain it's pretty fucking trivial to map that to a physical port (that's kind of the point of having managed equipment). The ARP packets will identify the IP addresses. Your ability to have some flexibility in IP address or MAC address (in fact you have the latter in many cases, but not the former) has nothing to do with traceability at the scale discussed here.

Re:It can help.

[shentino]

It's more like how the RIAA uses the threat of a big lawsuit to extort a smaller but still hefty settlement.

They put a loaded shotgun on your head and threaten to blow your brains out if you don't let them break your legs.

Their real motive is to break your resistance and teach you a lesson in not fighting back against the man.

They don't actually give a damn if you're guilty or not.

Re:It can help.

[FaxeTheCat]

A /29 subnet contains 8 addresses.
The first address is the network address and cannot be used.
The last is the broadcast address and cannot be used.
This leaves one unused address in your case, which may well be a local address for the router or some other ISP use.
So basically, you have the 5 addresses your ISP can/will give you.
See http://www.aelius.com/njh/subnet_sheet.html for details on subnets.

Re:It can help.

The only IP address any RIAA/MPAA lawyer is going to have is the one used to do the downloading. You don't have to spoof your IP pre-ISP to accomplish this. You can exploit any machine along the chain to accomplish this effect.

Re:It can help.

[tlhIngan]

I can change my IP address to anything I want. Sure, if it's in use, there will be collisions and what not, but if I get lucky, it's unused. But from the standpoint of the argument, which IP address does my ISP think I have? The one I got via DHCP from their servers? Or the one I manually set (assume it's still one of the ISPs pool of numbers and I got lucky with one that was currently free). Also assume my MAC address is spoofed to BEEFCAKE or what have you.

Try that and it'll probably not work, especially on cable systems where the headend is the DHCP server. Sure your IP will be different if you use a different MAC (provided you're provisioned for multiple IPs or released the old one). However, once issued, that IP is allocated to your modem for the duration of the lease. If you try switching addresses, the headend won't bother forwarding packets (and probably drop the invalid packets you send).

DOCSIS modems often "lock" to the first available MAC address that shows up during startup, too (a powercycle lets you change your MAC), so they're not as transparent bridges as you think.

Re:It can help.

[TheLink]

You can often use the first address. And if you are willing to sacrifice some reachability to the next adjacent network you can also use the last address.

This assumes your ISP will forward packets to/fro the first and last "broadcast" address for you. Some do, some might not.

Re:It can help.

[FaxeTheCat]

Forgot the missing address: The gateway address.
The router needs to have an address so that it can talk to the rest of the LAN. So for a /29 subnet, 5 is the maximum number of addresses available for the user.

Re:It can help.

[FaxeTheCat]

I highly doubt that the ISP is willing to mess up the network configuration and take the risk of unpredictable network problems just to give some people an extra address or two.
Especially considering that most people install a router with NAT to get unlimited internal addresses anyway.

Re:It can help.

[nabsltd]

Forgot the missing address: The gateway address.

My misuse of the word "routed" has caused misunderstandings...I have a /29 assigned to me (whois lookup says I'm the contact, not the ISP), but the routing works as if a /24 is being used, so the my router has a subnet mask of 255.255.255.0 on the public address.

This is still an issue? Are you KIDDING?!

[chronokitsune3233]

Given the fact that wi-fi is so predominant these days and the fact that several access points are left unsecured as well as the fact that any particular access point routes to one of a number of IP addresses belonging to the same subscriber, an IP address is not a reliable way of determining who actually downloaded things illegally.

Re:IPs parallel the discoverable world

DNA stores a lot more information.

http://en.wikipedia.org/wiki/IPv4

Right there in the Addressing section. 4.3 billion addresses for 8+ billion people's devices, so we share them.

Re:IPs parallel the discoverable world

[neonmonk]

Yes you can. You can easily 'hijack' DNA from someone and plant it at the scene of your crime. Hair clippings, skin flakes, spit. You could even use it to commit the crime if you so desired, but you'll need a fair bit of hair to choke a full grown man. Could be fun though.

get away car

[goombah99]

It's a bit like finding the get away car for the bank job in your house and all the neighbors agree you use it to drive to work.

Re:get away car

[LordLimecat]

...Except instead of it being "your car", its a ZipCar, and its shared by 20 other people on a weekly basis.

Re:get away car

[AK+Marc]

And the ZipCar's records show you were driving it at the time. I had a "dynamic" address that remained on the same IP for over 5 years. IP addresses are much more reliable than slashdotters say.

Re:get away car

[Aryden]

And again, you keep saying this. An IP identifies an address, not a specific person, which is what this case is about.

Re:get away car

That depends when you had it and the way you use the internet. It's more likely that it would be stable for years for folks on slashdot, mainly because people here are less likely to be offline for long periods of time. Depending upon the lease time being off line for a day or two can be enough to result in the IP being reassigned.

Also, it depends how reliable your networking gear is, if you go offline, sometimes the modem will request a new IP upon reboot.

But, even beyond that, IP at best tells you what the router or modem is that made the request, it gives you precisely 0 information about which computer did, and just as much information about who was using the computer at the time.

Re:get away car

[AK+Marc]

An IP identifies an account (assuming accurate logs), and that account names a person. That's sufficient for most uses.

Re:get away car

[Kjella]

It's a bit like finding the get away car for the bank job in your house and all the neighbors agree you use it to drive to work.

With the slight analogy breakdown that it could be used for a bank job while you drive it to work and most people wouldn't notice.

Re:get away car

[mrbester]

Not even close. An IP that is identified (assuming accurate logs) as having at some time originated from a connection associated with an account merely means that at some time a connection associated with that account was made with that IP. Nothing more.

Even if it is a static IP it still doesn't identify anyone as addresses can be spoofed. Or, as in any user of BTFON - where part of your router's wireless capacity is set to an open network in return for free connections around the world; the address the ISP has remains the same irrespective of which network was used - it can be anyone who happened to be in range.

Re:get away car

[nosferatu1001]

That account names a person, but it does not name who was actually using the system at the time - it cannot do so

NAT means that the system has no idea what box has actually connected, and even less about the actual person sitting behind it.

Re:get away car

[Endo13]

Wrong. In a best-case scenario, an IP address identifies a computer. Unless you also have an accurately time-stamped video log of who is using the computer, an IP address cannot ever 100% identify a person.

In worst-case scenarios, printers and old grandmas who've never used a computer in their life get accused of file sharing.

Re:get away car

[LordLimecat]

For TCP, no, IPs cannot be spoofed, because the connection would never complete. The only time you would / could spoof an IP address with TCP is if you simply dont care / want return traffic, and even then theres a high chance that the ISP is just going to drop your traffic as bogus. If youre actually trying to do something meaningful like transfer files over TCP, you have to be using an IP in the proper subnet, and for all intents and purposes its going to be your IP.

It is true however that a static IP really doesnt identify a person; when NAT is involved, you really cant know who's behind an IP unless lots and lots of logging data was stored on both ends of the connection.

Re:get away car

[AK+Marc]

Wasn't it Mitnick that managed to spoof TCP successfully? He "guessed" sequence numbers (it was a calculation, not a guess), and guessed the responses from the other end so that he assumed the other side was responding appropriately, even if he couldn't see the response. He "tricked" it into opening an outgoing session to him that he then used to get in to do damage. No actual damage was done with a TCP spoof, just what's essentially a privileged elevation, but it has been used at least once in a well known attack.

But that was years ago, and why it's standard policy to block all internal IPs from ingressing the WAN port, and (less standardly) vice versa.

And, having worked for a few ISPs, every one I know of blocks incoming IPs from their owned range, which would stop all such attacks or spoofs from outside the network, and if someone on your network is spoofing your IP, then neither will work very well.

That, and your point about it being useless for transfers (what you imply, if not state directly), which would be required for downloads to work, would be impossible with a spoofed IP, as that takes millions of round trips, and accurately guessing the transmissions from the remote side indicate that the spoofer already has what he's trying to download, and is spending massive amounts of time to frame someone else for a download that never happened.

Slashdot, where the technically possible (just barely), but practically impossible (meaning it is in a practical sense, impossible, not that it's "almost impossible" as so many take the phrase) is considered trivial.

Re:get away car

[AK+Marc]

Wrong, in a best case scenario, it identifies a WAN port on a device (usually a router, rarely these days a computer). And if the issue is liability, identifying that port is sufficient to identify the "responsible" party.

Re:get away car

[LordLimecat]

Its not about accurately guessing anything. If you spoof your IP as 78.77.76.75, and send that traffic, there MIGHT be a response if your ISP doesnt block it, but you sure arent going to get the response. Someone elses firewall will see this strange, unsolicited SYN-ACK traffic, and silently block it.

Re:get away car

[Endo13]

I don't think you understand the term "best-case". For these guys, best-case scenario IS the computer being directly connected to the connection from the ISP (not everyone uses a router even now), in which case it may in fact identify the computer. And no, that's still not sufficient to identify the responsible party. You don't know how many people regularly use the PC, you don't know if any unauthorized individual used the PC, and there's always new malware out there that does strange things. I'd be surprised if there isn't some already that uses compromised PCs to download torrents.

Re:get away car

[AK+Marc]

I was giving the literal best case. With the theoretical best case, the ISP has a captive web portal with auth, and the IP uniquely identifies a username and password, which is taken by more people to identify a person. And if that's objected to by people here, then the ISP has a 2-factor authentication for their service (doesn't have to be web portal, but I mention that because PPPoE is generally automated, but a captive web portal would not have an unattended login.

When you are going to irrationally discuss some impractical hypothetical ideal, then 2-factor ISP login requiring a human to type in the password, and not an automatic login would be closer to the "best case" than any given here.

But no, people complain that my "best case" isn't good enough, and will likely complain that my theoretical "best case" would be too good. Which means nobody else's best case was a best case either, and they just argue because they don't like my conclusion, even if correct.

Re:get away car

[AK+Marc]

If I send a packet to 78.77.76.76 spoofed as 78.77.76.75, and my spoofed packet is the replay of a valid telnet login into that device and a command to FTP PUT PRIVATE.TXT to my server, how did my TCP spoof not get me what I want?

Go read up on the Mitnick attack. You are arguing that what has happened in the wild at least once is impossible. I have proof otherwise. http://www.eecis.udel.edu/~bmiller/cis364/2012s/readings/mitnick.html Someone has successfully compromised a system using TCP spoofing as one of the necessary parts of the the attack.

Re:get away car

[Fned]

And the ZipCar's records show you were driving it at the time.

No, they don't.

They show that your ZipCar card was used to activate the car.

Re:get away car

[AK+Marc]

That's what I said. The records indicate you were responsible. I don't know the terms of service, but I've seen a number of rentals that allow only named drivers to drive. So their records indicate you were driving it at the time. Whether those records are accurate is a separate discussion.

Re:get away car

[LordLimecat]

That simply wont work. Telnet is TCP, which means a single packet wont work-- there will be acknowledgements sent back and forth with sequence numbers. You cant simply have your client shout at the server without ever receiving data back, because you will be unable to complete the 3 way handshake.

From wikipedia:

SYN: The active open is performed by the client sending a SYN to the server. The client sets the segment's sequence number to a random value A.
SYN-ACK: In response, the server replies with a SYN-ACK. The acknowledgment number is set to one more than the received sequence number (A + 1), and the sequence number that the server chooses for the packet is another random number, B.
ACK: Finally, the client sends an ACK back to the server. The sequence number is set to the received acknowledgement value i.e. A + 1, and the acknowledgement number is set to one more than the received sequence number i.e. B + 1.

That third part is where your plan fails: You will never get the SYN-ACK from the server, and will thus not know what sequence number the server chose, and will thus be unable to generate an ACK that would be acceptable to the server.

Generally the client isnt even going to send more than a few packets before stopping to wait for the servers ACKs, which will never arrive.

Its possible that at one point sequence numbers were easier to guess; if you have used nmap any time in the recent past you will notice that basically every target you scan lists "sequence number prediction" as "good luck". As I say, Im no history guru, but it seems to me that at one point it may have been easier to predict, but that (obvious) hole that allowed IP spoofing of TCP connections has been closed.

That article you link corroborates what Im saying:

Two different attack mechanisms were used. IP source address spoofing and
TCP sequence number prediction were used

....Which is a lot less feasible now that sequence numbers are pseudorandomly generated:
(from http://www.symantec.com/connect/articles/ip-spoofing-introduction)

Today, most OSs implement random sequence number generation, making it difficult to predict them accurately.

Note that that article was written in 2003, a full 9 years ago (back before symantec became awful!)

Re:get away car

[LordLimecat]

A little bit more....
From http://lcamtuf.coredump.cx/newtcp/, which did some tests on TCP sequence prediction in what looks like 2001 (Win2k SP2 was current), IOS (Cisco), BSD, Mac OSX, and Windows were all fairly secure-- only on windows were they able to guess any of the sequence numbers, and only 12% of the time.

Dunno about you, but Im not really aware of a protocol that will work with 88% packet loss, even assuming you can find a Win2k SP2 machine to attempt attacking.

Re:get away car

[AK+Marc]

That simply wont work. Telnet is TCP, which means a single packet wont work-- there will be acknowledgements sent back and forth with sequence numbers. You cant simply have your client shout at the server without ever receiving data back, because you will be unable to complete the 3 way handshake.

When you know the sequence numbers, then you can just shout at the server and make it do things. That was one of the things I explicitly stated. Did you read some of the technical details about the attack in the link I posted?

That article you link corroborates what Im saying:

W. T. F. So you read it, and it agreed with me, so you contineud to argue. I probably know more about TCP handshakes and sequence numbers than you, given your inability to understand what I'm saying other than it feels wrong so you argue.

Re:get away car

[AK+Marc]

only on windows were they able to guess any of the sequence numbers, and only 12% of the time.
Dunno about you, but Im not really aware of a protocol that will work with 88% packet loss, even assuming you can find a Win2k SP2 machine to attempt attacking.

I give up. You don't have 88% packet loss. You have 100% packet loss 88% of the time (or ~0% packet loss 12% of the attempts). You send the 10 or 100 packets you need for the attack. They all get there and are ignored 88% of the time. Then you repeat the process 100 more times, and you successfully compromised the system 12 times. But hacking a system 12 times doesn't count, because you used a script? I'm not understanding your math or logic, and you don't understand TCP or statistics.

Re:get away car

[LordLimecat]

You missed the entire part where for 10 years now the sequence numbers have been randomized and are no longer predictable. Mitnicks attack is simply not feasible, and has not been for 10+ years depending on the tcp stack.

Re read my post above:

....Which is a lot less feasible now that sequence numbers are pseudorandomly generated:
(from http://www.symantec.com/connect/articles/ip-spoofing-introduction [symantec.com])

Today, most OSs implement random sequence number generation, making it difficult to predict them accurately.

(and again, that quote is 10 years old)
Before attacking me for not understanding TCP, you might want to read the entirety of my post.

Re:get away car

[AK+Marc]

You missed the entire part where for 10 years now the sequence numbers have been randomized and are no longer predictable. Mitnicks attack is simply not feasible, and has not been for 10+ years depending on the tcp stack.

It sounds like you are arguing that it didn't happen because it's not likely to succeed now. And your inability to correctly correct me on things you assert were wrong, which weren't seems confusing when it was all a distraction from the original point that an IP is not sufficient to prove identity, but is more than sufficient to identify a "responsible" party (though piles of people seem to come out and object, none actually refute the accuracy of my statement).

Re:IPs parallel the discoverable world

"There would be absolutely no way to trace that activity back to me,"

Some routers/firewalls do log the MAC address, so they COULD trace it back to you.

Re:IPs parallel the discoverable world

[Ambiguous+Coward]

People can share IP addresses, but only twins share DNA?

Eww, incest is gross.

Good news for Tor?

[Press2ToContinue]

IF this spells the death of the It's-your-ip-so-that-means-you-did-it argument, then I can see Tor exit-node hosting becoming a lot more popular in the USA. On the other hand, if it is not, then ...

Big problem? No.

[girlintraining]

This isn't the smoking gun you might be thinking it is. Until now, most piracy claims have been prosecuted under the idea that infringement must be willful. In other words, the prosecution has to prove intent. If you accidentally download, or stumble home late one night and while fumbling for the lights, happen to push the "download 300 gigabytes of copyrighted porn" button, intent is not satisfied. Of course, it's pretty hard to prove intent looking at network traffic -- how can you tell the difference between an action initiated by a human, and an action initiated by a computer program? Even if you can prove it's a human, can you prove which one? Digital forensics is still in its infancy, and it has clear and compelling limitations.

That's why, (drum roll please), we have crimes of strict liability. For example, possession of stolen property. Doesn't matter if you knew it was stolen. Doesn't matter if you checked all the registries for stolen products, the serial numbers -- there is simply no defense in cases of strict liability. It was found on your person or on your property and ta-da, guilty. I'll let someone with a more legal background get into why this is bad if they want in a reply, but short answer: Yes, it's abused. No, it won't stop anytime soon. This is what file sharing is moving towards -- you no longer have to prove intent, the act itself is now grounds to throw you in prison or fine you more than acts of major depravity, terrorism, murder, etc., would net you. Again, not how strict liability was sold when it came out, but that's how the way the doughnut's rolling these days.

What I'm getting at is that IP addresses might legally become evidence that the account holder did it... or it may not. But either way, it's still probable cause to search your computer, person, property, etc., and if they find ye ole pirate treasure, you're going to be just as screwed. And as a bonus, if you encrypt it or otherwise protect it from being searched, odds are good they'll tack on additional criminal charges as well, or simply hold you in contempt of court, which means indefinite jail time without appeal, trial, etc., for failing to surrender the encryption keys... even if you can prove a sudden case of total amnesia and are now a glorified vegetable who's main mode of communication is drool, you might still be rotting in jail the rest of your life.

God bless America.

Re:Big problem? No.

[girlintraining]

Must be one of those angry overweight ugly lesbian cunts the FBI uses to infiltrate other groups of ugly overweight ugly lesbian cunts.

I know I'm breaking rule #1 of Slashdot: Don't feed the trolls. Buuut... it's late, I'm bored, somewhat drunk, and still fabulous. First, not overweight or ugly. Second, I'm bi, but my last two relationships have been lesbian. Third, I prefer the term bitch, not cunt. I reserve that word for people who have done worse to me than making an internet post on some website only known to a fraction of the population. As far as being used by the FBI, nope -- that's what PETA is for. Didn't you get the memo? Us cunt lesbians hang out at PETA meetings, not replying to comments by the marginally literate.

Go ahead, mod me down now guys... but be honest: Every now and then, beating an anonymous coward to a pulp is carthetic.

Re:Big problem? No.

Every now and then, beating an anonymous coward to a pulp is carthetic.

No, the Kia Soul is carthetic.

Re:Big problem? No.

Did someone really reply to you like that? What the fuck? Seriously.

Some people are stupid kinds of fucked up.

Re:Big problem? No.

[TubeSteak]

That's why, (drum roll please), we have crimes of strict liability. For example, possession of stolen property. Doesn't matter if you knew it was stolen. Doesn't matter if you checked all the registries for stolen products, the serial numbers -- there is simply no defense in cases of strict liability. It was found on your person or on your property and ta-da, guilty.

At the Federal level, knowledge is required for a guilty verdict.
At the State level, your mileage may vary.

You must live in one of those asshole States where proving knowledge is not required.

FYI - Receiving is what happens when you get something you know is stolen.
Possession is what happens if you find out, after the fact, that you got something stolen.
Not all States make this legal distinction or they do, but it's covered under the same law.

And, as with many things under the law, being really really drunk is a legitimate defense against intent.

Re:Big problem? No.

[LubosD]

How do you even prove that there was an illegal activity a certain IP address took part in? Logs? Hell, I can create as many logs as I can.

Re:Big problem? No.

"download 300 gigabytes of copyrighted porn" button

They've simplified that to a single button? Thank goodness for progress.

Re:Big problem? No.

[shentino]

Even growing 100 balls won't be enough to overcome a little thing called sovereignty which lets the government do pretty much whatever the fuck it wants to.

Re:Big problem? No.

[greg1104]

"download 300 gigabytes of copyrighted porn" button

They've simplified that to a single button? Thank goodness for progress.

Only now, at the end, do you see the true power of the Facebook 'Want' Button plans.

Re:Big problem? No.

[misexistentialist]

I doubt the resources exist to search millions of houses and forensically analyze all those devices. Certainly not without impacting critical law enforcement functions like drug enforcement. Therefore, due to the practical requirements of national security, the government and courts will likely look generously on proposals to censor the internet or ban usage on an individual level.

Re:Big problem? No.

[Script+Cat]

The problem here is that, the Bit Torrent trackers insert IP numbers randomly and non randomly, that are not actually connected. These people are then logged as copyright infringes, despite having nothing to do with the tracker. This is not hard to do and does muddy the waters for the know nothing CSI monkeys who think that this is hard evidence of liability or infringement.

Re:Big problem? No.

Of course, it's pretty hard to prove intent looking at network traffic -- how can you tell the difference between an action initiated by a human, and an action initiated by a computer program? Even if you can prove it's a human, can you prove which one? Digital forensics is still in its infancy, and it has clear and compelling limitations.

These cases are civil cases, not criminal as you seem to think. Also, they have been using subpoenas to capture hard drive images. It's really not that hard to tell if someone has been regularly and willfully violating copyright law from a disk image.

Re:Big problem? No.

No, the Kia Soul is carthetic.

But they have cute rats in their commercial....

Re:Big problem? No.

Every now and then, beating an anonymous coward to a pulp is carthetic.

No, the Kia Soul is carthetic.

This, and its parent, are so full of win!

Re:IPs parallel the discoverable world

because in my home as many as 10 people can be using the same internet connection thus sharing the same ip address ... meaning there is ALWAYS reasonable doubt as to who did the downloading.

additionally the ip addresss supplied by the ISP can and will change from time to time ... meaning that you cant even be certain the downloading occured at my location

Re:IPs parallel the discoverable world

[mellon]

The MAC address is only available on the home router. Home routers tend not to log this kind of information, because it would involve infrequent writes of small amounts of data to flash storage, which is a really great way to make it fail quickly. So in pretty much any case where the network wouldn't be secure, there would be no record of the MAC address.

Also, it's trivial to spoof a MAC address. E.g., just run bittorrent in a vmware virtual machine, and then blow it away when you're done—evidence gone, and the log will show that you are innocent.

The bottom line is that trusting IP addresses as personal identifiers is a really bad idea, which causes a great deal of social harm for a very small social benefit.

Re:IPs parallel the discoverable world

[mellon]

Unfortunately the standard in civil cases is "a preponderance of evidence," not "no reasonable doubt."

Re:IPs parallel the discoverable world

MAC addresses can be spoofed very easily. Even if it isn't spoofed, MAC addresses generally can't be traced, they can only be used to confirm a match once the suspect has been traced by other means.

Re:IPs parallel the discoverable world

[Cute+and+Cuddly]

Even WPA2 can be broken into. there is little security with WiFi. I do not care too much as my machine is secured (I run linux and the machine has been hardened to stop script kiddies), so I do run wifi with WPA2 and also require MAC address authentication, but I know thta if my machine were a commercial machine with trade secrets, I would have to remove the wireless card.

Re:IPs parallel the discoverable world

Plus, you don't even need to actually download anything to frame someone, as can be seen here: http://dmca.cs.washington.edu/.

Jury Nullification

Time to start squeezing Jury Nullification pamphlets into every bit-torrent file. Hmm. There's an idea; can anyone whip up a Jury Nullification badge for websites?

Re:Jury Nullification

[LordLimecat]

Not sure if you realize, but judges can overturn jury nullification in civil cases.

Nope.

[mark-t]

It can't identify a specific person. At all. The pigeonhole principle proves it irrefutably, since there are 4 billion possible IP's, but roughly 7 billion people on the planet. It is therefore impossible for an IP to uniquely identify an individual.

Although admittedly that particular argument isn't valid for IPv6... it's still true for a vast majority of IP addresses right now. Even under IPv6, however, it will probably still be the case unless (or until) we start directly associating unique IP's with particular people regardless of what kind of device they are utilizing, you still won't be able to associate an IP address with a particular person. At best, you can get only the subscriber who leased that IP. This may or may not be the individual, but an argument can be made (one that I don't fully agree with, but can see some valid reasoning behind) that a subscriber could be held accountable for activities on his or her subscription that they ought to have had the ability to supervise and approve of.

Re:Nope.

This is easy. Hand the judge your laptop and say "go into the settings and look at the IP address this computer is using. Write it down."

Next, tell the judge to browse images.google.com and type in some search terms. It is almost guaranteed that some images that show up in the results are in violation of copyright... now tell the judge he has just been identified as an infringer by his IP address. Ask him if he is guilty or you are.

Re:Nope.

[mark-t]

The type of copyright infringement caused by incidental web searches such as what you've described is much more of a peripheral issue than a core concern on matters of piracy on the 'net. I'm not suggesting it's entirely irrelevant, but the reality is that it does not represent a significant concern for most copyright advocates. The *MUCH* bigger concern is when people go and download newly released movies or the like. Moreover, they do so with intent, and often under the full realization that the channels they are obtaining it from may be considered a bit... shady (even if not actually illegal), and would not have actually been approved of by the copyright holder.

Re:Nope.

[AK+Marc]

There aren't enough unique license plate numbers to uniquely identify every person on the planet either. Are you arguing that license plates should not be used to identify cars?

Re:Nope.

[spire3661]

total logic fail

Re:Nope.

[mark-t]

That there aren't enough license plates to uniquely identify every person the planet is WHOLLY irrelevant to whether or not there are enough to uniquely identify cars (there are).

A license plate alone cannot identify who may be driving the car... at best only who might be the registered owner of it.

Re:Nope.

Current DNA testing doesn't uniquely identify every individual on the planet either...

Re:Nope.

I think he's arguing that license plates numbers don't positively identify individual people, which is 100% true - you have to have a picture of the driver operating the vehicle with the license plate to prove who committed a crime, which is why automated red light cameras take a picture of the driver as well as the license plate. Don't compare apples (not enough license plates to uniquely identify every person) with oranges (using license plates to identify cars).

Re:IPs parallel the discoverable world

[girlintraining]

and the people taking the blame would be guilty of no other crime than not understanding how networks operate.

Actually, they may understanding completely how networks operate, but have a device that requires the use of WEP (older wifi-enabled printers, anyone?). Don't assume that because something isn't secured to some arbitrary amount that the person who secured it was uneducated.

Also, there is some data left behind that could link it to you: Until the router is rebooted, it will probably maintain an ARP record (if not also a DHCP lease) in the memory of the device. That record will contain the MAC address of your wifi card, and possibly your computer name as well. People can and have been busted for this when, say, sending a death threat to the President. It turns out, the secret service does know a thing or two about this, and they pride themselves on doing anything necessary to find you, even if that means confinscating every computer in a given radius of that wifi router and comparing trace records to forensic data on each computer. Oh, and incase you're wondering -- as a matter of fact, no, the 4th amendment doesn't really apply when it comes to death threats against the president. Or any other law for that matter... they will find you.

The inevitable car analogy...

[SuperCharlie]

The IP is the car.. yes, someone owns the car or might be responsible for the car at a particular time, but they may or may not be driving it.

Re:The inevitable car analogy...

>analogy
>immaterial thing
>physical object

No. Even better, don't try analogies period, it's not a case about cars so cars are irrelevant.

Re:IPs parallel the discoverable world

[shaitand]

Not only that, but the current testing methodology is questionable. Instead of matching the whole DNA sequence, they use a series of markers that a private company decided uniquely identifies a person. There is no evidence to support this. The statistical probabilities given that someone has the same DNA are based on the completely unsupported assertion that there is no genetic relation between these markers.

Not too many people have katana's, not too many people keep chopsticks in their silverware drawer. So you could argue that someone having both these things makes it highly unlikely the suspect is the killer. In reality, I'd venture most everyone with a katana also has chopsticks. Having both is slightly more statistically unique than having one but it is nowhere near as distinct as the individual probabilities of having these items would suggest. The same may well be true of these markers or of certain value combinations of them.

I wouldn't buy something based on a companies claim of statistical success because it is too easy to use selective information and to spin results. Why are we using this same kind of data to send people to prison.

Re:IPs parallel the discoverable world

[Fjandr]

Usually, DNA is enough to strongly link a person or persons to a scene, just like usually an IP is strong enough to link a person or persons to a scene.

Whether there's anything more than a correlation between those links is part of the job of law enforcement and the judiciary to sort out.

There are also many cases where there are strong doubts regarding the link between DNA or IP and a person being more than happenstance in a given situation.

The analogy is far better than many seen on Slashdot.

Re:IPs parallel the discoverable world

[shaitand]

Lame joke. There is nothing gross about two hot twins going at it or a 3way with the same. Arguably the hottest thing ever.

Re:IPs parallel the discoverable world

Great tactic. MAC addresses are bulletproof and can in no way be spoofed.

Re:IPs parallel the discoverable world

[shaitand]

DNA shouldn't. Just because DNA is accepted where it shouldn't be doesn't mean IP's should be.

Re:IPs parallel the discoverable world

[LordLimecat]

But at least DNA doesnt change every 2 weeks.

Re:IPs parallel the discoverable world

[bonehead]

Some routers/firewalls do log the MAC address, so they COULD trace it back to you.

Bullshit. If I was going to use someone else's Internet connection for illegal activities, don't you suppose it might be a good idea to take 2 seconds to run a script that will switch me to a randomly generated MAC?

The only way to get caught would be for someone to pin down the radio signal while the connection was in process. Once the activities were complete, there would be no traceable evidence to be had.

Re:IPs parallel the discoverable world

[LordLimecat]

MAC authentication is absolutely, literally, worthless from a security standpoint if you are using WPA2. Anyone who has the capability to crack WPA2 will necessarily have the ability to impersonate your MAC-- it is, I believe, a requirement to mount an attack against WPA2 in the first place. The fact that you have MAC auth turned on would probably not even be noticed by an attacker, and if it were, it would take all of about 5 seconds to get around.

Re:IPs parallel the discoverable world

[sjames]

I would say that a 1 in 10 chance that the named individual was the one at that IP address at the time falls short of preponderance of the evidence. Throw in that someone might hop on their WiFi (invited or not), might spoof their address with a hacked cable modem, might use a compromized PC as a relay, or the ISPs logs may be wrong about who had the IP when, and IP address is looking like an absolutely terrible way to identify a particular person.

Re:IPs parallel the discoverable world

[LordLimecat]

The problem is NAT and DHCP, for which there are no parallels for with DNA.

NAT means that multiple individuals can share a single public IP, and short of the home router having logs, there is no way to differentiate between the computers behind the router based on their public IP.
DHCP means that not only might someone else have had your IP yesterday, but you might not even have your IP tomorrow, and the private IPs behind the NAT will likely shift as well.

Combined, the two of them MIGHT make an IP address sufficient for probable cause, but definitely not as a unique identifier.

Re:IPs parallel the discoverable world

[LordLimecat]

most that do lose it on reboot. You would specifically need to configure the device to have correct date/time (which I doubt most do), and specify nonvolatile storage for the logs (which Im quite sure most dont do).

Re:IPs parallel the discoverable world

[LordLimecat]

They really cant confirm anything without a router or switch log. MAC address info doesnt leave the local subnet, and is simply not accessible from behind a home router.

Re:IPs parallel the discoverable world

[bonehead]

In fact, if a person wanted to be really nasty about it, the following would be trivial to do:

1.) I passively monitor your WLAN in the evening.
2.) In the morning you leave for work, taking your laptop with you.
3.) I assign YOUR mac address to my pc and go about my illicit business.

Police come knocking on your door, check log files if your router has them, and right there in the logs is YOUR mac address from YOUR laptop correlated with the illegal activity.

Anyone who understands wireless networking, even a little, should know that the thought of an IP address being considered legal proof of identity is an absolutely TERRIFYING concept.

Re:IPs parallel the discoverable world

If DNA can

For a long time, DNA couldn't, but nobody bothered to question the prosecutors when they had an N-point match and their lab guy said it must be the right person. Some researcher decided to run through the DNA fingerprints on a lark and see how many people matched each other and suddenly there were dozens of "one in 113 billion" 9 loci matches and all the prosecutors started running helter skelter around screaming "no you aren't supposed to use it this way! Pay no attention to the woman behind the curtain finding dozens of people with nine loci matches! Make her stop! Make her stoooooooop!" (cite: http://articles.latimes.com/2008/jul/20/local/me-dna20 )

These days though, the DNA technicians just swear in then lie in court rather than bothering to do the work. Hey, if the prosecutor thinks they're guilty they probably are, and when they're caught its not like the DA is going to press perjury charges against the star witness. (cite: http://www.google.com/search?q=crime+lab+dna+scandal&gs_l=news )

Re:IPs parallel the discoverable world

NATcest is best!

Re:IPs parallel the discoverable world

[LordLimecat]

ARP records are flushed periodically, and arent really meant for logging. Theyre stored in RAM in basically every OS AFAIK, and would be lost on reboot. ARP records would NOT contain your computer name-- only IP and mac-- but thats not even foolproof. While the MAC address of a NIC can be tedious to alter, it is absolutely trivial to poison an arp cache so that bogus information appears in the cache.

The idea that ARP caches have been used to bust people I find rather hard to believe, since ARP is a layer 2 protocol and would not be leaked when sending ie a death threat to the president-- once those packets hit your router, the layer 2 information is stripped out and rewritten with the router's own info, which is then stripped and rewritten at the next hop. Only layer 3 information survives, and only until it hits a NATting router at which point that, too, is stripped.

Cases where people are busted tend to involve ISPs who can pull up logs of who owned what public IP, and that then leads to a warrant which allows a physical search, leading to incriminating evidence on the home computer. But in the absence of such evidence, there would be no way from a network standpoint to prove whether the owner of that connection had actually committed the crime in question.

Yes, the 4th amendment still applies, but that doesnt mean a warrant cannot be issues. The 4th amendment specifically lays out circumstances in which your "right to be secure in person, houses, papers, and effects" may be violated.

Re:IPs parallel the discoverable world

[infurnus]

People can share IP addresses, but only twins share DNA?

http://en.wikipedia.org/wiki/Chimera_(genetics)#Human_chimeras

Re:IPs parallel the discoverable world

[shentino]

MAC addresses can be changed.

Re:IPs parallel the discoverable world

[bonehead]

While the MAC address of a NIC can be tedious to alter

1.) Boot a backtrack iso
2.) Run macchanger -r eth0

There you go, you're now operating under a randomly generated MAC address.

Not too tedious, IMHO.

Re:IPs parallel the discoverable world

[morcego]

I can't hijack your body and use it to commit a crime that can be traced back to you through DNA evidence.

You are right. YOU can't do it. You are so lame.

Re:IPs parallel the discoverable world

[jamstar7]

NATcest is best!

Put your router to the test!!

Re:IPs parallel the discoverable world

But at least DNA doesnt change every 2 weeks.

Logs will show who had which IP at which time. This is a non-issue.

I want to believe the court will rule that IP addresses don't prove which person used the equipment which held the address. It is consistent with how we treat cars, license plates, and drivers. Your plate is not enough for say a traffic offence, because you may not have been driving.

But I just can't justify faith in the system anymore. Honestly if I was going to bet a large percentage of my money on this, I would bet on the most authoritarian or fascist outcome possible. I would bet that the copyright cartels will get their way, even if the judge is fully aware this will result in innocent people being blamed for infringement they didn't actually do. Sadly I would probably win that bet. The courts have long ago decided that elaborate legal theories are more important than preserving and defending liberty.

I guess judges assume they are in the ruling/political class so the fascist laws they keep validating will never be used against them personally? That makes it okay, right? Somehow, in their minds? Just like so many politicians assume the massive debt won't be a real problem until long after they're out of power, so that makes it okay to them. The lowest worm or maggot is better than these people because it can't help being what it is. These people choose to be what they are.

Re:IPs parallel the discoverable world

[AK+Marc]

The DNA tests are fine. The problem is that too many people watch CSI and don't know what statistics mean.

Instead of matching the whole DNA sequence, they use a series of markers that a private company decided uniquely identifies a person. There is no evidence to support this.

What private company? And nobody has asserted that it matches a unique person, but that it's a 99.something% match. Run that through a database containing everyone on the planet, and you get a few million positive hits, all but one an error. But that's great reliability. If you run it against the top 10 suspects, then you have better than a 99% chance it's the one that you got the match on. That's enough for a conviction, in most cases.

ISP have messed up ip tracking as well metering

[Joe_Dragon]

ISP have messed up ip tracking as well metering so what a ISP says may not hold up in court.

There lot's of old cases of that hear on Slashdot.

Re:IPs parallel the discoverable world

Your plate is not enough for say a traffic offence, because you may not have been driving.

I should have made the reference more clear. This came up when red-light cameras became more common. People would often get out of the tickets because the camera only caught the plate, there was no photo showing who was driving. Like a car, a router holding an IP address can be used by multiple people. Unlike a car, said router can be used by many people _at the same time_. That alone isn't proof of who did what.

Re:IPs parallel the discoverable world

[AK+Marc]

NAT only works if they are on your network. Why are they on your network? And DHCP means nothing. Most carriers don't use DHCP. PPPoE and such, maybe. And they know what IP you had at the time of the "offense". There are things called "logs". The lumberjacks roll on them in rivers.

Re:IPs parallel the discoverable world

[girlintraining]

ARP records would NOT contain your computer name

*facepalm* I also mentioned the DHCP lease data, which would. You missed that.

The idea that ARP caches have been used to bust people I find rather hard to believe, since...

Since you can't imagine a death threat being sent and then the secret service not showing up ASAP? You think they just sit around going "hmm, should we deal with this now, or after tea and crumpets?" No -- their response time is in hours. It's a job requirement that their sense of humor be surgically removed. The ARP data will likely still be in RAM, and yes, you crack open the device, and then remove the ram (or hook clips up to the debugging ports, etc., while it is powered on), chill it, and transfer it to a reader device to extract its contents. This is not theoretical: This has been proven, the people who wrote TrueCrypt describe this particular attack in great detail in their disclaimers and limitations documentation.

And yes, there are workarounds, there are always workarounds... But are dozens of things you need to do to cover your trail, and each of those things that you do reduce the pool of potential suspects. As well, you aren't considering the other evidence that may be available -- a witness to your car being parked outside a few hours before the guys with shotguns showing up, for example. The home security camera on the neighbor's house you didn't notice. The ANPR system of the gas station you drove by on the way to the street you parked outside of. The list goes on.

Only layer 3 information survives, and only until it hits a NATting router at which point that, too, is stripped.

Yes, congratulations, you have a basic understanding of protocols. But you apparently don't understand implimentation of them in hardware, software, and firmware very well, and you're even worse at looking at the total system -- which includes things like statistical analysis, looking at words and speech patterns, timing delays in the data, other data your computer may accidentally chirp (like windows update, which sends a GUID). There's a hundred ways they can hang you -- and you only need to screwup once. Even NAT leaves traces in memory -- All it requires is a single missed ACK during the close of a TCP session, or sending any UDP data, and the state table data may remain there for minutes, hours, even days. Many NAT implimentations in firmware have problems with memory leaks caused by faulty code. Guess what's in the leak?

Cases where people are busted tend to involve ISPs who can pull up logs of who owned what public IP, and that then leads to a warrant which allows a physical search, leading to incriminating evidence on the home computer. But in the absence of such evidence...

All ISPs are required by law to store that data; They have had to for years. Also, the government has been consolidating existing wiretapping efforts into a supermassive data center intended to store detailed and comprehensive records of all communications on the internet domestically. They don't necessarily need the ISP's assistance -- though it may speed up the execution of a search warrant.

Yes, the 4th amendment still applies, but that doesnt mean a warrant cannot be issues. The 4th amendment specifically lays out circumstances in which your "right to be secure in person, houses, papers, and effects" may be violated.

You made a terroristic threat. Maybe you missed the memo, but since 9/11, all you need to do is mention the word 'terrorist' and you have no civil rights. They're detaining people in Guantanamo and elsewhere in the world without trial or charges being brought against them. A guy who merely accidentally bumped into the President spent several months in jail without a trial just last year. A government that has spent many trillions of dollars and bankrupted itself to protect against terrorism is not going to be held up by some internet critic's interpretation of the fourth amendment. The word "unreasonable" will be made to be amazingly elastic if you decide to attempt the aforementioned crime.

Re:IPs parallel the discoverable world

[AK+Marc]

The only secure wireless is an off wireless. But IP matching is much much more reliable than the slashdot crowd would have you think.

Re:IPs parallel the discoverable world

[AK+Marc]

In windows, if you have a "good" driver, open the device properties. Go to the advanced tab. Set the MAC to whatever you like. You don't need to boot a new OS to do so.

Re:IPs parallel the discoverable world

[AK+Marc]

And aliens could have come down from the sky, broken into his house, and used his computer to download Rhianna, then left without a trace.

And the consequence of pushing your line of thought is French or NZ style laws where the connection is at fault, and the owner of the connection gets a fine and the connection turned off. No criminal liability. No trials. Simple, and no fault assigned.

but a IP can be like take any car in the row

[Joe_Dragon]

but a IP can be like take any car in the row and they don't do that good of a job of keeping records on who had what car. Also replace car with say a group of seats that can be used my more then one person. Poor analogy but think of it like this you are paying for X space (bandwidth) and you can use it all on your own or others can also use open space at the same time.

Re:IPs parallel the discoverable world

[lightknight]

Because wireless access points? And even 'secured' access points are trivial to access with the right software?

Re:IPs parallel the discoverable world

[lightknight]

Indeed, but I imagine in the near future, it will be trivial to frame someone using that very kind of evidence.

You'd be amazed how much DNA human beings shed on a daily basis. And how trivial it is to grab a randomly discarded hair-brush, using the hair / skin on it to contaminate a crime scene. We all know the DA will never question it, the judge certainly won't, and the defendant, of course, no one believes.

Donate blood? Good, good. Perhaps you also cut your hand when you broke that glass on the jewelery store window last night, and left a little blood on it. With such an obvious treat like that, no forensics team or police investigator would question it.

But we all know things like that simply don't happen in this world. It's all pure fantasy...

Re:IPs parallel the discoverable world

[lightknight]

Because Mac addresses aren't unique by a long shot?

Re:IPs parallel the discoverable world

[sjames]

The difference between my examples and yours is that the ones I mentioned actually DO happen. What world is it you live in where everyone correctly secures their PC and WiFi and never leaks a password?

Re:IPs parallel the discoverable world

[Sun]

The DNA tests are fine. The problem is that too many people watch CSI and don't know what statistics mean.

While 100% accurate, the problem is that part of these "too many people" are the police, the judges and jury.

What private company? And nobody has asserted that it matches a unique person,

Ahem ahem ahem.

I'm sorry, I was caught by a sudden cough. Do continue...

but that it's a 99.something% match. Run that through a database containing everyone on the planet, and you get a few million positive hits, all but one an error. But that's great reliability. If you run it against the top 10 suspects, then you have better than a 99% chance it's the one that you got the match on. That's enough for a conviction, in most cases.

Yes, I completely agree. Unfortunately, while you show much clue in the field of statistics, you show very little clue in the field of human behavior.

DNA is routinely used, not to narrow down the suspects pool, but in order to find the suspect to begin with. That is why DNA databases are so lucrative for law enforcement. Quite often, a finger gets pointed at someone because police already had his DNA for an unrelated reason. As I'm sure you understand, this kind of use is precisely the kind where GP's concerns are justified.

Shachar

Re:IPs parallel the discoverable world

[Aryden]

Not in Maryland, the tag is enough to identify you for the issuance of citations for speeding, traffic lights and soon, stop sign cameras.

How can this be used as evidence?

[robot5x]

OK... so there are plenty of posts here outlining that using IP addresses as evidence is extremely unreliable at best.
MAC's can be spoofed; networks can be hacked, then there's DHCP and NAT etc etc etc.
Honest question: Given that there are this many holes in putting forward an IP address as proof of illegal downloading/copyright infringement WHY THE FUCK isn't it laughed out of court??

I can only think of 2 options:

1. The judiciary have no clue about these issues and are not being educated on them - if so, why aren't they making it their business to understand these pitfalls?
2. THe legal system prefers to just push all responsibility for network security onto generally clueless service owners - if so, why aren't these innocents presenting this apparently basic information to court?

THis situation is just so moronic that I'm struggling to believe it is actually happening.

Re:How can this be used as evidence?

[greg1104]

You can't expect a judge to be an expert on everything they have to rule on. That's why they call in true experts to testify about technical problems. The problem here has been that the "experts" spouting commentary toward the courts so far have come from "digital forensics" firms hired and paid for by the copyright owners--the ones who are also selling them with the premise of "yes, we can find the pirates for you".

Unfortunately, the individuals being sued in these cases so far haven't been able to provide similarly persuasive experts arguing against those claims. For any one person, it's cheaper to pay the protection money to drop the case than fund such a thing. Well, the wide nets they cast have finally caught the wrong fish this time. One of the "John Does" in this case has gotten the court to read a long paper on the issues around assuming IP address==identity and consider the arguments. The court record has entered "explanations as to how computer-based technology would allow non-subscribers to access a particular IP address" as a serious counter claim.

The really nice part is that the way the case is being constructed, the legal fees from the defendants will fall due on the copyright holder if they lose, if it's proven this was a frivilous, unfounded lawsuit all along. That makes the risk/reward on the defense legal budget here a whole different game than the normal big company vs. single person harassment that companies have been getting away with.

It's clear from the briefing the judge is not just suspicious of IP address identification, they have picked up on that part of the odious way these copyright trolls work, and they don't like that. They're not buying the idea that they should be able to use the court to help identify people, get their contact info from their ISP, and then move onto directly threatening them--outside of the court system.

Re:How can this be used as evidence?

[Hatta]

3) The legal system is not about justice but about control.

They don't care if innocents are railroaded as long as the rich and powerful get what they want.

Re:How can this be used as evidence?

The legal system is not about justice but about control.

That's a feature, not a bug.

Law = Order
Law != Justice

On a good day laws are on the same side as justice. That's as good as you can get.

Re:How can this be used as evidence?

[Hatta]

Order that institutionalizes injustice isn't any better than chaotic injustice.

Re:IPs parallel the discoverable world

[AK+Marc]

If you live in a place with strict liability laws for Internet connections, why are you leaving your wireless on 24/7? If you are responsible for it, then secure it properly (even if that means off) or accept the consequences of your negligence.

Re:IPs parallel the discoverable world

[Aryden]

No, IP addresses have alreadyd been ruled to only identify an address at a current time. You cannot use it to identify a specific person which is precisely what this case is about.

Re:IPs parallel the discoverable world

[morcego]

I see you still can't hijack their bodies, and need to use technical measures.

Please return your evil overlord card.

Re:IPs parallel the discoverable world

Anybody who cares about it runs their connection through a VPN anyways. And that's probably always going to be the case as the folks creating the standards for WiFi have a tendency to not include cryptographers and security researchers in the process.

Re:IPs parallel the discoverable world

[dcollins117]

If DNA can, why not IP? Is this a question of fact or law?

Ever been to Starbucks? Hell, any internet cafe. At any given time you've got many people sharing IP addresses. Why is this issue even being debated?

With the advent of IPv6

they won't need to subpoena the ISP's logs anymore because your IPv6 address identifies the household that where the connection originated.

What remains is the open WiFi defense, so expect them to legislate against it. You will be liable for your wireless router like you're liable for your firearms.

Re:With the advent of IPv6

they won't need to subpoena the ISP's logs anymore because your IPv6 address identifies the household that where the connection originated.

That sounds like a privacy nightmare.

Re:With the advent of IPv6

they won't need to subpoena the ISP's logs anymore because your IPv6 address identifies the household that where the connection originated.

That sounds like a privacy nightmare.

I have a static IP so I'm already living it. My only "protection" is that the web sites in general aren't expecting the consumer IP address to be static. With IPv6, they will.

Re:With the advent of IPv6

they won't need to subpoena the ISP's logs anymore because your IPv6 address identifies the household that where the connection originated.

My IPv6 address WHOIS information points to a chicken farm in Germany. I'm in the UK.

Re:IPs parallel the discoverable world

[nabsltd]

Usually, DNA is enough to strongly link a person or persons to a scene, just like usually an IP is strong enough to link a person or persons to a scene.

Except that in this case, the plaintiff likely presented only a list of IP addresses, dates and a name of a torrent. I can create a list like that in a few minutes using Excel and the "RAND()" function. The relatively strict rules that apply to collection and custody of evidence like DNA samples is nowhere to be found in these copyright cases.

The whole point of these cases is not to go to trial, but rather to get a payout with little expenditure of money. Most of the firms that are pursuing these sorts of cases just ignore ones that have any opposition after they get contact information. Almost every case that actually involves a trial is about fighting to be allowed to easily obtain contact information and send extortion letters.

So, if the stats about file sharing are accurate, using randomly generated IP addresses and times in the initial discovery request would likely never be uncovered, because there would be enough people who are scared into settling. This is especially true in this case, where porn is involved. As long as the contact info they get hits people who downloaded porn (any porn), they're likely to get a decent settlement rate.

The only way to get real evidence of file sharing is too much work for the payout, as the copyright holder would have to download a relatively large chunk of the infringed work (or possibly all of it if it was a split RAR file) from every defendant's computer. This would require a well-behaved torrent client (to avoid things like disconnection for bad data) but modified to store each copy of the downloaded data separately, and to never upload (since uploading would be similar to entrapment in a criminal case). Next, the computer used to do this downloading would have to be in some way "frozen" to keep from altering any of the proof, while still allowing access to that proof for generation of the lawsuit. Last, the copyright holder would have to allow experts for the defense access to the "frozen" computer that was used to do the downloading.

Re:IPs parallel the discoverable world

[gmhowell]

Can't find my link to the youtube video about the guy who is hot for this chick, turns out to be his sister, then turns out this asshole trying to chase them in the Mystery Machine is really their dad.

Re:IPs parallel the discoverable world

[TheTurtlesMoves]

Run that through a database containing everyone on the planet, and you get a few million positive hits, all but one an error.

No you won't. There are 13 standard Loci with something like 10 Alleles or more at each marker. So that is something like the chance of a "random" match as one in 10^-12. This is both correct and wrong. First many of these 13 markers have more than 10 alleles and the provability is closer to something like 10^-15. Its wrong in that its not random, you share about 50% of these markers with your father for example. Even population wide this does reduce the randomness. Then there is a birthday paradox. But that does not apply in this case since you are matching the database to a given profile. So with 7 billion humans in the database, chances are that there is just one hit. Not millions. You would be very lucky to get more than one.

When comparing to a 100 suspects that are not related (remember the profile will tell us if they are related.) You are more like 99.99999999% sure. Even far more than that.

Yes this is directly related to my day job.

Re:IPs parallel the discoverable world

[mrbester]

"it is absolutely trivial to poison an arp cache so that bogus information appears in the cache."

Indeed. This is how WifiKill works, much to the annoyance of MacBook users in cafés I frequent.

Re:IPs parallel the discoverable world

Is #2 required?

Re:IPs parallel the discoverable world

My old wardriving rig had a new MAC address from a randomly selected vendor every time it booted up. Hell, the only consistent thing about it would've been the fact that it intentionally excluded two of the medium-common vendors -- one being its own, the other being an extra exclusion to not be blatantly obvious if it was ever tracked.

It's a basic command that can be ran on nearly any decent linux system that doesn't have a completely crap card.

MAC filtering is about as valuable as locks on car doors -- except at least if someone smashes your car, there's blatant evidence afterwards. With MAC cloning, the only evidence you might have is an interruption of service if you happened to be on at the same time. And that's only if your attacker was naive, or the network was configured better than most ones are in reality. Thank you arpping.

Yes, you should use MAC filtering, for the same reason you should lock the front door to your house. But you shouldn't count on it to protect you from anyone but utter incompetents.

Re:IPs parallel the discoverable world

[Gerzel]

Off often isn't an option. Especially where there is the highest chances of the wi-fi being intercepted. Your idea of diligence doesn't seem to mesh with real-world practicality.

Now I'm not saying that IP address shouldn't be used, but it probably will need support with other evidence.

Re:IPs parallel the discoverable world

[Gerzel]

There is a difference between negligence and committing a crime. The courts here are trying to decide if a crime was committed. If the owner of the network was criminally negligent then that would be a different charge than the crime itself.

The burden of proof generally rests on the accuser.

Re:IPs parallel the discoverable world

> Most carriers don't use DHCP. PPPoE and such, maybe.
USA is a weird place. All of the major ISPs in Finland have been using DHCP for years. Majority of small ones as well. Heck, I have had broadband for ~12 years & I have never used it.

Re:IPs parallel the discoverable world

[Robert+Zenz]

If you get unlucky, you could be framed for a crime or at least it will appear that you did the crime.

People make it always sound like you drop the hair of someone at a crimescene and WHAM, straight to jail. Framing someone for a crime is hard work, with lots and lots of stuff which needs to be taken into account. Placing someones DNA at the crimescene is only one part of a big puzzle.

Re:IPs parallel the discoverable world

[FireFury03]

Cunningly, the UK seem to have got around this issue. The letter you get when caught by a speed camera specifically asks who was driving. It has some FAQs on it. One of those FAQs is "what if I don't know who was driving", and the answer they give is something along the lines of "you are legally required to tell us who was driving". So there you go, they are stating that if you don't know who was driving you have a legal obligation to commit purgury.

(I don't actually know what the legal standing of this is, but to find out you would need to go to court, and the penalties for taking a speeding fine to court and losing are so high, most people just accept the points and fine even if they are innocent)

Re:IPs parallel the discoverable world

[nosferatu1001]

Actually if you can reasonably show you are unaware of who was driving, you CAN return the NIP (notice of intention to prosecute) with said information.

Commonly accepted defences include:
1) Not receiving the NIP in a timely manner - usually receipt outside of 14 days will be accepted here
2) Large number of potential drivers in a "pool" situation. A police force used that excuse when a panda was flashed - they hadnt maintained driver records so could not, with any certainty, point to who was driving at that time.

It is interestingly one of the few ECHR upheld limitations on the right to not self incriminate - you can be forced, under penalty of suffering the same penalty as the offence alledged, to name yourself as the driver

IANAL, just had a couple brushes in the past with the system ;)

Re:IPs parallel the discoverable world

[Mr.+Underbridge]

Which is why, if used correctly, it is *a* piece of evidence, not *the* piece of evidence. To go with the DNA analogy, which seems to have become the new 'car analogy' on slashdot: what if the lab messes up? Mistakes happen.

I saw a story once where some guy got busted for a fairly minor crime, but they collected his DNA and ran it. Bang, hit on a 30 year old cold case where someone had been killed in a cemetary, blood collected from a gravestone. Guy pleads his innocence. Turns out they got two hits from that gravestone, and the other hit was a guy who had been 4 years old when the crime was committed. Something's messed up, right? So it turns out the common denominator was that all three DNA samples were run by the same lab in the same week - the cold-case sample from the gravestone, the guy who got accused of the murder, *and* the 4 year old (who had since grown up) and was also arrested that week. Clearly all three samples were co-contaminated, right? Not according to the lab director, since they don't make mistakes. And the jury returned a guilty.

Point is, even DNA isn't foolproof. Neither is an IP. Both are helpful, neither is sufficient. But just like if your DNA shows up at a crime scene, if your IP is involved with copyright violation, you can expect to be making a lawyer's car payments, even if you're ultimately exonerated. Good reason to secure your networks.

Re:IPs parallel the discoverable world

MAC access authentication is good for most situations.

Yes, there are always those hackers who know everything and they study by testing without causing damage to others and crackers who cause damage to others by stealing information or doing bad things trough others computers.

BUT, look around. Look where you live and think how many crackers lives as your neighbor?
Yeah, thats right. The change for that is very limited.

I use MAC access authentication only, because I want only to rule out what devices gets connected to family network, but I don't want encryption to slow down the connection in that environment by 10-20% (tested).

Some house visitors are blocked by that what is a nice thing but when there are only two neighbors and both are about 100m away and signal is just strong enough for their front yard to get minute or two connection before disconnection, encryption isn't needed at all.

Padlocks, door locks, car locks etc are easy to pick or get trough. But when avarage person can not get trough by the lock in the first place, they use rock, hammer or something else to brake the glass or framing and get trough if they want, it doesn't help at all to have top class lock what professional thief can not pass in one minute.

Heck, "Locks are for honest people". It is just a sign "Please, do not go there, even if you are curious person".

Network encryption and access technic are exactly like that. Only for against curious people. If media company X wants to get access to my network traffic, they don't need to come even close my home. They simply needs to have a friend at ISP, if a engineer who can do that or CEO who orders someone to do that, and thats it.

ISP can lurk every data connection what comes and goes to my own local area network. They can do any man in the middle attack, anykind theoretical access. And people at ISP are somewhat 100% honest without being pushed without any leverage or ransom? Yeah, sure.... And every cop are honest! The problem here isn't that media watchdog couldn't crack or check the data flow. But that they can not connect specific data pipe to specific person unless it is very so.

Example, if I live at area where there are just these three houses. Lets assume I go now to download material X what is illegal. Media watchdog gets it and informs local company blah blah...

If someone comes to my location, does a simple test that there are no other houses near my connection end so that house visitors or family is the only logical one. If I would live alone in that house, it is even more clear it is me.
If I have encrypted network, then it even lays off any change that someone just came and stop by to do that download and drove away.
If only my computer is having access to that network and no one can have access to it than me physically (locked behind my own office room where only I have key and pin-code for door) then isn't it already 100% correct assumption that I was the one who went and downloaded the "X author Y media from Z album", even if it isn't found from my computer anymore or tracks to it (evidences from wiping computer exists)?

How about a apartment around tens of families, by using a WLAN network without encryption and just with MAC filter?

MAC filtering isn't a encryption. Any teen can crack it in seconds, like you said... It isn't even spotting a hacker or cracker a one second.

So, MAC filtering isn't encryption so it isn't illegal or hard. You can not blame the connection owner if the data isn't found from that computer (wiped clean).

And what if you can have access to computers at that network hard drives because they have sharing enabled? Can you deny that someone couldn't do that they just copy the MAC address and copy files to your computer after they downloaded it?

It isn't hard thing to do at all by teen what just search technic for that one day.

Re:IPs parallel the discoverable world

People can share IP addresses, but only twins share DNA?

There is no active mechanic that prevents people from getting exactly the same DNA sequence, it is just very unlikely that it happens.
For DNA tests used in court the test is only unique up to one in a million. This means that from one DNA sample you will get about 300 hits in the US, if you get a match with someone who is involved in the trial or someone who has a criminal record you say that it isn't from one of the other 299.

Re:IPs parallel the discoverable world

[Chrisq]

One of those FAQs is "what if I don't know who was driving", and the answer they give is something along the lines of "you are legally required to tell us who was driving". So there you go, they are stating that if you don't know who was driving you have a legal obligation to commit purgury.

No - the point is that the registered keeper is legally responsible for knowing who was driving. If you don't know who was driving you commit a different offence, but the original speeding offence cannot be charged. To avoid this being used frivolously the penalty is higher than is likely for a speeding offence. It is clear that if you don't know who's driving you should plead guilty to failing to identify the driver and take the fine and penalty points - not to commit purgery.

Re:IPs parallel the discoverable world

[marka63]

And there are 35184372088832 /48's available for allocation based on current IPv6 allocation rules. More than enough for everyone to have several.

Re:IPs parallel the discoverable world

[FireFury03]

Actually if you can reasonably show you are unaware of who was driving, you CAN return the NIP (notice of intention to prosecute) with said information.

Maybe, but that is contrary to the information they provide on the NIP.

1) Not receiving the NIP in a timely manner - usually receipt outside of 14 days will be accepted here

Untrue - I received an "intent to prosecute" (or whatever they call the one you get if you don't respond to the NIP) a few years ago. I had never received the NIP, so I challenged them. They resent the NIP and gave me an extension, but they flatly said that this was a good will gesture and that legally they are deemed to have served the NIP if they have proof of posting. If the Royal Mail lose it, tough shit, you're still in the wrong for not having replied to the NIP you never received.

Yes, you can challenge this in court, and you may even win, but can you take the risk? The fixed penalty notice usually gives you the choice of a "training course" (no points) or points, making any kind of legal challenge causes the immediate withdrawal of the offer of a training course, and the courts can (and do) award much stiffer penalties than the fixed penalty notice if you lose.

The way the law applies to the police is, of course, completely out of line with the way it applies to the general public - several years ago I had to serve a legal notice, and I had to employ a process server to ensure it got there - a court would not have accepted just a proof of posting (or even a recorded delivery proof of receipt!)

Re:IPs parallel the discoverable world

People make it always sound like you drop the hair of someone at a crimescene and WHAM, straight to jail.

Nope, but it happens.

Re:IPs parallel the discoverable world

[FireFury03]

No - the point is that the registered keeper is legally responsible for knowing who was driving.

Ok, ignoring the fact that you're citing the Daily Mail of all things as a accurate source of information, it also doesn't say that there is any such legal responsibility. If you are an organisation operating a pool car system or hire car system then I can see this would be standard due dilligence, but for personal users where the car is shared by the family, you can't expect people to keep track of this. This is especially true on long journeys where families often swap driver regularly througout the journey - 14 days later when you get an NIP can you really be expected to know which member of the family was driving at that specific moment in time?

If you don't know who was driving you commit a different offence, but the original speeding offence cannot be charged. To avoid this being used frivolously the penalty is higher than is likely for a speeding offence. It is clear that if you don't know who's driving you should plead guilty to failing to identify the driver and take the fine and penalty points - not to commit purgery.

Yes, the law had a loophole in it that could be exploited by lieing, so they closed it by just penalising everyone, whether they are innocent or guilty - great job!

A convenient excuse

Judge Michael Baylson, eh? Something seems..... off.

Re:IPs parallel the discoverable world

[shentino]

That's only because the law SAYS it's enough, due process be damned.

Ask Leo Traynor...

Apparently he knows how to trace somebody from their IP address... LOL.

Re:IPs parallel the discoverable world

[shaitand]

If I remember correctly there are actually two companies that sell almost all DNA testing supplies to crime labs in the US and they pick the genetic markers that are used. So while DNA profiling is not specifically tied to a single set of markers dictated by a private company, that is the practical result.

That probability you speak of is based on the assumption that the DNA markers being used have no correlation. That assumption is not factual. And 99% is nowhere near enough to meet a "beyond a reasonable doubt" burden. That means one in a hundred are false positives. That isn't even good enough to uniquely identify a staff member at many local businesses let alone uniquely identify a suspect for criminal conviction. There are 45 murder cases a day in the US. These days there is at least one DNA sample involved in most of them. At 99% that would mean at least one false positive at least once every couple days.

If the odds aren't good enough for a casino or lottery ticket to pay out a ten million dollar jackpot they are nowhere near good enough to provide the basis for convicting potentially innocent people. It is better to let a hundred guilty guys off than to wrongly imprison a single innocent person.

Re:IPs parallel the discoverable world

[Chrisq]

No - the point is that the registered keeper is legally responsible for knowing who was driving.

Ok, ignoring the fact that you're citing the Daily Mail of all things as a accurate source of information, it also doesn't say that there is any such legal responsibility.

OK, here's another reference: Failing to Identify Driver (Failing to Supply Information)

Yes, the law had a loophole in it that could be exploited by lieing, so they closed it by just penalising everyone, whether they are innocent or guilty - great job!

No they set a legal obligation which you are guilty of if you do not fulfil. It is part of the Highway Code and will be taught to drivers after 1988, and it is an obligation of drivers who have already passed the test to keep up with changes to motoring law.

Re:IPs parallel the discoverable world

[sFurbo]

Does hair clipping contain enough DNA to do a test? I remember hearing that testing on hair is done on the follicle, so hair clipping would not work. OTOH, I recall more recently hearing that hair is better at preserving the small pieces of DNA it contains (no air or water), so ancient DNA is better done on hair samples. But are the pieces in hair large enough to use in a forensic test?

Re:IPs parallel the discoverable world

[shaitand]

"When comparing to a 100 suspects that are not related (remember the profile will tell us if they are related.) You are more like 99.99999999% sure. Even far more than that. "

Wrong. The reliability of the person doing the testing accurately is not anywhere near 99.99999999% or even 99.999% and represents the absolute maximum assurance the test can provide. That is comparable to saying something weighs 1.34545g when your scale is only accurate to +/- .1g.

The lack of randomness does not make DNA profiling a better indicator, it skews the odds the other way. It proves that there are relationships in these markers. If I have a one byte binary number you can say that there are 2^8 possible numbers so the chances of a randomly picked number matching mine are 2^8. But the moment that number has a meaning the uniqueness of the indicator drops. If it is human readable English text then there are only 96 possibilities and my random selection now has a 1 in 96 possibility of matching. If it was a "random" keypress the odds become much better and a simple number can no longer express the odds because some numbers are more probable than others, for instance if my random key is a home row key the odds are dramatically better than 96 to 1. More like 20 to 1 and even within the home row some keys are more likely than others.

The point being, while we suspect these markers are very unique, there definitely have not been any studies on a sample set nearly large enough to assert a 1 in 99.99999999% probability with any degree of confidence. Those type of odds assume there is no relation between these markers and any relation can drop the real probability by several orders of magnitude.

Re:IPs parallel the discoverable world

And as unlikely as it is it already happened. Twice. In one case they got one arrested based on DNA, but later the real offender confessed. Maybe a mass test is in order to see how good the chosen markers are (but I don't know who to entrust that database with). That these improbable cases already appeared showed that you should stick to more conventional police routine and use the tests to remove possible offenders from you list of candidates.

Re:IPs parallel the discoverable world

Spoofing another person's DNA would be *slightly* more challenging.

You don't need to spoof. Just select some dandruff boy and collect samples to spread at the scene.

Re:IPs parallel the discoverable world

"MAC authentication is absolutely, literally, worthless from a security standpoint if you are using WPA2. Anyone who has the capability to crack WPA2 will necessarily have the ability to impersonate your MAC-- it is, I believe, a requirement to mount an attack against WPA2 in the first place. The fact that you have MAC auth turned on would probably not even be noticed by an attacker, and if it were, it would take all of about 5 seconds to get around."

Absolutely. The only sensible way of securing a WIFI-network seems to be to always place WIFI-users in a "special" network zone with absolutely no access anywhere at all, except to a fully updated, monitored and secured VPN-server. And the only way of accessing anything else is to log in through the VPN-server with a separate per-user login. My former university did this back in 2001 and it seems as valid today as it was back then.

Re:IPs parallel the discoverable world

three time's a charm: perjury

Re:IPs parallel the discoverable world

[L4t3r4lu5]

You could even use it to commit the crime if you so desired, but you'll need a fair bit of hair to choke a full grown man.

He'd only need to inhale 5ml of saliva to drown, though.

Fact

[SmallFurryCreature]

In parts of the US, if your car is used in a drugs crime, you are responsible. You can go to jail for someone borrowing your car to buy a joint.

Is that right or wrong? It is the law and the law is made by politicians who are elected by the people. And the people are NOT you nor the people on the internet forum you visit.

The people are an unseen group who do all the things that are uncool and out of date and they make up the rules of society, NOT to benefit some teen who thinks he knows how the world should run but to the benefit of them, or so they think.

The war on drugs was introduced by politicians who got re-elected. The war on copyright pretty much the same. Yes, this does show democracy sucks donkey balls for doing the "right" thing. It also shows that what is the "right" thing, no two people can agree upon.

It will be intresting to see how this case goes. From precedent, it could go either way.

Re:Fact

[hawkinspeter]

Thanks for the condescending post - I haven't been called a "teen" for over two decades!

I deliberately didn't use a car as an analogy due to my knowledge of the different laws regarding cars (which is probably due to them being fast moving tons of metal) especially in the U.S. Here in the UK, the closest law I know of that would work like that would be aiding and abetting a crime, but that would involve the accused having knowledge that the crime was going to be committed.

Democracy - two wolves and a sheep voting on what to have for lunch.

Re:IPs parallel the discoverable world

[TheGoodNamesWereGone]

Star Wars?

Re:IPs parallel the discoverable world

I wouldn't say no way. Perhaps no way after the fact if all of those points weren't logging or something like that. If someone spent enough time they could set things up so that the next time you did something nefarious they had adequate evidence. It would be a lot of work. Think Mitnick.

Re:IPs parallel the discoverable world

I was using an IP address to log in users for the prototype game client / server code. To test some latency issues I connected to the City-Wide WIFI network in Corpus Christi, TX. I couldn't log in because a neighbor friend of mine had already joined the server over the City's WIFI connection. Looking at the logs I determined that HALF the City was using a single IP address.

I can't tell if you're more of a fool or a moron... Even worse, you're probably just a know-nothing know-it-all.

Re:IPs parallel the discoverable world

You can use it to help you identify the miscreant. Its just not definitive on all cases, everywhere, all the time which is what some companies would like the courts to believe.

Re:IPs parallel the discoverable world

[ewanm89]

DNA changes all the time, it's called mutation, often the change has no effect, other times it just ends up with a dead cell and so the mutation isn't multiplied, when this goes really wrong in other ways one ends up with uncontrolled growth and this we term as cancer, any 2 cells in the same organism may have slightly different DNA. Mutations happen from a variety of reasons, radiation, exposure to certain chemicals (we call these mutagens, they also tend to be carcinogens as mutations can cause cancer), viruses, and just simple errors in the way DNA is replicated during mitosis and meiosis. Cells also have a way to attempt to repair DNA damage though this does not always work.

Seems a simple demonstration is all thats needed

It seems the solution would be to use reaver or aircrack-ng to demonstrate the concept to the judge. If he doesn't believe, do it to his home router and download away. It won't be your fault. You were not in charge of that ip.

Re:IPs parallel the discoverable world

[Tastecicles]

actually, the standard test does not discriminate between siblings.

source: I was privy to a case in the UK where the standard test was employed to attempt to determine paternity; the test could not separate the two men (who were full siblings) who were contending paternity. Rather than go to the expense of an extended test (which would certainly have been able to separate enough markers to determine paternity), the "court" decided to find fact in favour of the Local Authority who had claimed that the brother of the husband was in fact the father, hence the mother was an adultress, hence untrustworthy.

Re:IPs parallel the discoverable world

[Tastecicles]

"Negligent homicide"?

Last time I checked, homicide was a crime.

Re:IPs parallel the discoverable world

If you're sharing a connection with your roommates, the police no have reason to go around searching everyone's computers. They need to know which person to search first. They may have an IP address, but until they know who, it's private property. Remember, Copyright is a civil issue and the plaintiff must know whom they're attacking, but they can't violate other's rights to identify.

a trial is "necessary to find the truth." ???

[zotz]

a trial is "necessary to find the truth." ???

Wouldn't an experiment or a demonstration be more in order?

Or is that what the trial is to consist of?

all the best,

drew

Re:a trial is "necessary to find the truth." ???

It's called assessing the evidence.

Re:IPs parallel the discoverable world

[skywire]

That simply proves that Maryland has dispensed with due process.

Re:IPs parallel the discoverable world

[LordLimecat]

Tedious compared to "forge packet saying I AM SPARTACUS AT MAC ADDRESS 00:11:22:33:44;55". Arp poisoning really only requires you to shout really, really loudly on the network.

Re:IPs parallel the discoverable world

[Hatta]

There are 13 standard Loci with something like 10 Alleles or more at each marker. So that is something like the chance of a "random" match as one in 10^-12.

Only if you operate on the assumption that none of those loci are correlated with each other.

Re:IPs parallel the discoverable world

[LordLimecat]

DHCP leases would not either necessarily, and regardless NONE of that is in any way authenticated-- your computer can claim to be whomever it wants at whatever IP and MAC it wants, and as long as the correct info is also out there it will make no difference to its reachibility. The idea that network announced info is forensically reliable is just false.

which includes things like statistical analysis, looking at words and speech patterns, timing delays in the data, other data your computer may accidentally chirp (like windows update, which sends a GUID)

Timing delays of a few microseconds across the internet? Yea, not going to be noticeable, considering the relatively massive delays incurred at your first hop and the high jitter most home connections will have. At best, you can sometimes identify what OS-- and sometimes, what application-- is at the other end of a connection, but thats it. You certainly cannot identify a specific NIC or machine from across a public network and through a NATted device. If you have evidence to the contrary, I (and Im sure a lot of IDS / IPS guys) would be interested to see it.

Since you can't imagine a death threat being sent and then the secret service not showing up ASAP?

Unless they want an immediate mistrial or acquittal caused by failure to apply due process, theyre going to get a warrant first, which doesnt happen on the timescale you seem to think it does. Ive seen a couple of these cases pop up, and the timescale is weeks, not hours. The culprits are caught by keeping evidence on their laptop and leaving stupid traces everywhere for the ISP to log.

Even NAT leaves traces in memory -- All it requires is a single missed ACK during the close of a TCP session, or sending any UDP data, and the state table data may remain there for minutes, hours, even days.

Baloney. There are TCP timeouts in both desktop OSes and routers to prevent resource exhaustion. Its substantially less than "days"; TCP was designed to function in high-loss situations, and would be unusable if the timeouts were set that high.

Many NAT implimentations in firmware have problems with memory leaks caused by faulty code. Guess what's in the leak?

Its not a half-open connection, thats for sure. Closing half-open connections is kind of a basic function of the router. Got a reference to what youre citing? Im aware of memory leaks, but it tends to be in things like "HTTPS web console", not "basic function that even windows consumer editions can handle".

Maybe you missed the memo, but since 9/11, all you need to do is mention the word 'terrorist' and you have no civil rights.

Maybe you missed the memo, but for a while the allegation was that non-citizens captured in a warzone should have constitutional rights. Youre speaking nonsense; just because a citizen becomes fair game in a warzone when aligning themselves with military beligerents, doesnt change law in the US.

Not sure if youre aware, but the rules change slightly in a combat zone.

They're detaining people in Guantanamo and elsewhere in the world without trial or charges being brought against them.

We didnt bring charges against people in WW2 before detaining them as POWs, either. Somehow that never made it back to the US. Youre going to have to get over the fact that things are different when you take up arms and declare yourself an enemy combatant.

Re:IPs parallel the discoverable world

[LordLimecat]

I have only ever seen PPPoE used on DSL, and it seems to be moving towards DHCP. Every single non-DSL home connection I have seen has been DHCP.

Plus, Im pretty sure (though my PPPoE experience is limited) that you still get a dynamically assigned public IP even if your router is set to PPPoE.

Re:IPs parallel the discoverable world

[dbet]

So what does Starbucks do? Who shares their wifi with everyone? And other businesses? Is Starbucks guilty of anything their customers do on their wifi? And if they are legally allowed to share it, why can't an individual? Different laws for business vs individual? I see no reason why it would be inherently unethical and therefore must be against the law for a person to share his wifi with a stranger. It would also be a tough sell to say that legally you're responsible for anything done on your network, because you're an individual and not a business.

Re:IPs parallel the discoverable world

[Aryden]

Well yeah, we knew that though. It's funny, yet at the same time saddening, when you actually realize that the overwhelming majority of speed cameras and red light cameras are in the predominantly poorer black areas. When you get into "caucasia" as my friends call it, you don't see them anymore.

Re:IPs parallel the discoverable world

[lightknight]

I went with the horde of robot ninjas over the telepathic mind control. The upkeep costs are significantly lower...I have a brochure if you want one.

Re:IPs parallel the discoverable world

[Zero__Kelvin]

Oh. So you're my neighbor. Thanks!

Re:IPs parallel the discoverable world

[eth1]

In fact, if a person wanted to be really nasty about it, the following would be trivial to do:

1.) I passively monitor your WLAN in the evening.
2.) In the morning you leave for work, taking your laptop with you.
3.) I assign YOUR mac address to my pc and go about my illicit business.

You mean while I'm at work with said laptop with a lot of witnesses and firewall logs proving that I wasn't connected to the house? That would seem to be an even better indication that there was some funny business going on.

Re:IPs parallel the discoverable world

[morcego]

Is it an evil brochure ?

Re:IPs parallel the discoverable world

DNA testing is not fine. The tests only test a tiny part of the full string and use simple statistical methods to pad out the rest. This is why they fail when dealing with people from other parts of the world and family members. The tests are limited to sample sections and miss a huge amount of the full picture. It would appear that you're the one watching too much TV crime.

Re:IPs parallel the discoverable world

[a1cypher]

Canadian here. The way our cameras work is that they only issue a fine to the registered owner of the vehicle. It is the owners responsibility since they are the ones registered and paying insurance. If the car was speeding or ran a red light, then the owner consented to allow the driver to use the car, and so is responsible for any infractions while driving. If the owner knows who was driving at the time, then they can try and collect the fee from the person driving (visible in the photo), or they can choose to not let that person use their car in the future. That being said, since it does not prove the owner was driving, it does not affect the owners driving record (ie, no demerits, no effect on future insurance rates, etc..). The owner is allowed to plead that the driver did not have consent, in which case the car was considered stolen and proper police work can be done to determine if the car is in fact stolen, or if the owner is lying. If it was indeed stolen, I believe the owner is not responsible for the fees resulting from infractions.

Re:IPs parallel the discoverable world

[JASegler]

A better parallel is a phone number.

Somebody made a phone call with a voice distorter and threatened someone.
That phone call came from your house. Should you be arrested and thrown in jail because of that?
Or do they have to prove it was you that made the phone call?

Re:IPs parallel the discoverable world

[eqisow]

That's a much better analogy, I agree, but even then you have to consider that someone could use your IP address without even being on your property if your wireless isn't secured or is improperly secured.

One could perhaps argue that constitutes negligence, but if that's the case every McDonalds and Starbucks in the country is in trouble.

Judge needs a trial to find out if he has a nose.

I dont know anyone who has not used an IP that was not his.

Re:IPs parallel the discoverable world

[Brewmeister_Z]

"Just because its the law, does not mean its right." - cited to unknown (anyone know?)

I say this in response to any half-wit that follows/enforces a law without thinking it through (or at least get a "gut" or "common sense" feeling about it).

Another phrase I hate, but would love to throw back in the face of the speaker, is "Ignorance of the law is no excuse." I would haul in (after failing my test of obscure laws and other obvious violations they make on a daily basis) all the politicians, law enforcement, lawyers, judges, etc. that would have the nerve to utter those words and see how they like being on the receiving end.

Sadly, the only time that may ever happen is near the fall of our various government levels in the USA. Hopefully, under a new and improved system, these type have either met their demise or took the cue from former Nazi war criminals (AKA hiding in South America).

Re:IPs parallel the discoverable world

[AK+Marc]

I can't tell if you're more of a fool or a moron...

Fool, obviously, as I'm responding to a lying AC. It was a crappy ISP (given the smell in Chorpus Christi, I'd guess any competent network engineer would move, so I'll assume crappy ISP). You are obviously leaving out the part where it was all behind a NAT box because the ISP was too cheap to get enough IPs for its customers. When you lie by deliberate omission of pertinent facts, it shows that you know you are wrong. In that case, the public IP would trace back to the ISP, uniquely identifying the person responsible for the connection. Same as it going to a home user.

Re:IPs parallel the discoverable world

[AK+Marc]

They are, but Starbucks and McDonald's have more lawyers than the state, so the state wouldn't go after them. Likely the heavy downloaders don't want to contend with the low speeds and crappy coffee at those establishments and stay home.

Re:IPs parallel the discoverable world

[Cute+and+Cuddly]

As I said, " I do not care too much as my machine is secured (I run linux and the machine has been hardened to stop script kiddies)", so you won't get into the important stuff. If someone uses my network to download porn , so be it

Re:IPs parallel the discoverable world

[LordLimecat]

You miss my point. If you are using WPA or even WEP, there is a threshold to breaking past it. That threshold is so much higher than the one for spoofing a MAC, that it gains you no security whatsoever. Anyone who could break the WEP, MUST have the capability to spoof MACs (so he can issue the deauth commands and capture the re-auth traffic).

Its sort of like, you deadbolt your front door, and then use masking tape to secure the door a bit more securely to its frame. Anyone getting thru the deadbolt probably wont notice that you put the masking tape up.

Re:IPs parallel the discoverable world

Much better analogy. It is, at least here in the US, in an area with wires off the poles, extremely easy to 'tap' someone's phone line and use it for whatever purpose you want (c'mon, it's 2 clip leads and then dial). My ISP is the phone company, off the same two wires (DSL), it would probably be fairly trivial for them to hook their own DSL modem up to that line. My cable (if I had cable internet) runs down the side of my house in similar fashion, it would be trivial to tap into.

Now, I'll add here that you're practically standing in plain sight of any of my neighbors while doing it, but that doesn't mean its not possible to do, or that you couldn't do it easily under the cover of darkness...

Re:IPs parallel the discoverable world

The whole point of these cases is not to go to trial, but rather to get a payout with little expenditure of money. Most of the firms that are pursuing these sorts of cases just ignore ones that have any opposition after they get contact information. Almost every case that actually involves a trial is about fighting to be allowed to easily obtain contact information and send extortion letters.

Bingo. They are simply looking for 'backup' on their proposition that having your IP address gets your name/home-address which then gives them someone to harass/extort for money with threats of court. They don't want to take you to court, they want the court to give them backing for the 'idea' that - using the license plate analogy brought up here - if the 'crime' was committed by a vehicle with your plate# on it, you are guilty...

Mind you, the crime was committed by someone w/ my stolen plate, on a different color/make/model vehicle that doesn't match the DMV info for my plate, and it was an Asian guy and I'm not Asian, and I was home at the time hosting a party with 40 people at my home all of whom can verify I was not committing the crime... but what *they* want is the court to say "the plate# is enough to prove guilt" - which it is NOT. The plate# is enough for suspicion/questioning/investigation, but without further evidence (car make/model matches, I match the description, no solid alibi for the time in question, etc) it is not a firm indication of guilt.

Re:IPs parallel the discoverable world

Maybe you missed the memo, but since 9/11, all you need to do is mention the word 'terrorist' and you have no civil rights.

Maybe you missed the memo, but for a while the allegation was that non-citizens captured in a warzone should have constitutional rights. Youre speaking nonsense; just because a citizen becomes fair game in a warzone when aligning themselves with military beligerents, doesnt change law in the US.

Not sure if youre aware, but the rules change slightly in a combat zone.

Maybe you missed the 'memo' the POTUS signed on New Years Eve just 10 months ago, called the "NDAA", which gives them the right to arrest a US citizen *on US soil* (not "in a warzone", unless you consider everywhere in the US a warzone), for disagreeing with the government in some way they don't like (you belligerent you, how dare you criticize the government - what do you think you have 'free speech' or something?), detain them without charges and without trial indefinitely (enjoy Sunny Guantanimo!). War zone, combat zone... your town... what's the difference right?

They're detaining people in Guantanamo and elsewhere in the world without trial or charges being brought against them.

We didnt bring charges against people in WW2 before detaining them as POWs, either. Somehow that never made it back to the US. Youre going to have to get over the fact that things are different when you take up arms and declare yourself an enemy combatant.

Open up google and look up "Japanese Americans 1942", and you'll find out all about what the government can do to over 100,000 law-abiding US citizens, without any "charges" other than the fact of their heritage/birthplace. You're going to have to get over the fact that, whether or not you 'declare yourself an enemy combatant', you have no rights other than the few the government deems you have, until *they* decide you don't, and then say goodbye to your precious 'rights' the second they don't see any advantage to you having them. And it doesn't matter whether you are in a "combat zone" or not. "Terror" is an idea, not a place, so when it comes to a "war on terror" your own home is potentially a "war zone", and you potentially have no rights.

Re:IPs parallel the discoverable world

Unfortunately the standard in civil cases is "a preponderance of evidence," not "no reasonable doubt."

Unfortunately, a single IP is not "a preponderance of evidence", it is a single piece of evidence with no other evidence to back it up.

That's like saying "the store down the street reported a man stole a chunk of Swiss Cheese, and ran up the street in this direction - you are sitting on your porch, in the direction he ran, eating a Ham and Swiss sandwich, that has Swiss Cheese on it, therefore you must be guilty." That doesn't fly as a "preponderance" of evidence, without something backing it up. If, on the other hand, they gave a description that matched you, including your clothing, had a security video of you running out of the store, etc... then yes.

Re:IPs parallel the discoverable world

[poofmeisterp]

Since you can't imagine a death threat being sent and then the secret service not showing up ASAP?

(sorry, Slashdot doesn't have a "quickquote" tag)

I'll remind you that this is not a death threat to the President being discussed. The article is about file sharing.

These two things' time sensitivity are handled quite differently.

Plus, it's just not on-topic so the ultimate point appears to be "look what I know" and not so much "I have loads of information that applies to this situation."

Since you seem to know your stuff (I'm not being facetious; I'm serious), what do you think can be extracted at the time of home invasion for search and seizure of evidence for a file sharing case?

Also, in your experience, is enough time between the actual detection of the file sharing activity and the search accrued, without notification to the suspect, that the retained device storage information might be completely 'wiped clean' (so to speak)?

Re:This is still an issue? Are you KIDDING?!

[poofmeisterp]

Given the fact that wi-fi is so predominant these days and the fact that several access points are left unsecured as well as the fact that any particular access point routes to one of a number of IP addresses belonging to the same subscriber, an IP address is not a reliable way of determining who actually downloaded things illegally.

Well, there will be a law introduced in the next two years that makes having an insecure wireless access point a crime (not a misdemeanor). Watch.

Re:IPs parallel the discoverable world

[Gerzel]

Yes Homicide is a crime, but so is negligence leading to a death. However the latter isn't the same as homicide.

Re:IPs parallel the discoverable world

gmhowell, do slashdot a favor, and leave. Your posts are a giant waste of time, or trolling. You're a waste of life.