Slashdot Mirror
Judge Orders Piracy Trial To Test IP Address Evidence
another random user sends word of a case in Pennsylvania District Court in which Judge Michael Baylson has ordered a trial to resolve the issue of whether an IP address can identify a particular person. The plaintiff, Malibu Media, has filed 349 lawsuits against groups of alleged infringers, arguing that getting subscriber information from an ISP based on an IP address that participated in file-sharing was suitable for identification purposes. A motion filed by the defendants in this case explains "how computer-based technology would allow non-subscribers to access a particular IP address," leading Judge Baylson to rule that a trial is "necessary to find the truth."
"The Bellwether trial will be the first time that actual evidence against alleged BitTorrent infringers is tested in court. This is relevant because the main piece of evidence the copyright holders have is an IP-address, which by itself doesn't identify a person but merely a connection. ... Considering what's at stake, it would be no surprise if parties such as the Electronic Frontier Foundation (EFF) are willing to join in. They are known to get involved in crucial copyright troll cases, siding with the defendants. We asked the group for a comment, but have yet to receive a response. On the other side, Malibu Media may get help from other copyright holders who are engaged in mass-BitTorrent lawsuits. A ruling against the copyright holder may severely obstruct the thus far lucrative settlement business model, meaning that millions of dollars are at stake for these companies. Without a doubt, the trial is expected to set an important precedent for the future of mass-BitTorrent lawsuits in the U.S. One to watch for sure."
An IP address will identify a connection, that someone is responsible for.
There is plenty of cases of Person A committing a crime or getting into an accident, using something from Person B, and Person B getting into trouble as a result.
I'm god, but it's a bit of a drag really...
People can share IP addresses, but only twins share DNA?
Faulty analogy. I could temporarily use your internet connection to download something if you leave your wifi unsecured (or inadequately secured... for those who still use WEP). I can't hijack your body and use it to commit a crime that can be traced back to you through DNA evidence.
"It is a denial of justice not to stretch out a helping hand to the fallen; that is the common right of humanity."
From the comfort of my living room I can connect to no fewer than 6 access points that don't belong to me. 2 more if I wanted to take 5 minutes to crack a few WEP passwords. If I had a mind to I could use them to download movies, music. If I really wanted to cause trouble there are plenty of worse things I could do.
There would be absolutely no way to trace that activity back to me, and the people taking the blame would be guilty of no other crime than not understanding how networks operate.
Spoofing another person's DNA would be *slightly* more challenging.
Your DNA can get nearly anywhere very easily. If you get unlucky, you could be framed for a crime or at least it will appear that you did the crime.
DNA isn't as accurate as some make it out to be.
An IP address can _help_ positively identify a person. :) ).
;).
It can definitely negatively identify a person - if the public IP is different it wasn't you doing it (assuming you weren't using that public IP
If the download was made by the IP of your internet connection at that time, then it's evidence that something using your connection was doing the downloading. If they find other corroborating evidence that it's you - e.g. the downloaded file is on your computer, in your personal folders, shows up in your download history, the computer is not normally shared, there's no malware or remote control software, then it's likely to be downloaded by you.
But an IP sure isn't sufficient alone in itself. The **AA probably want it to be like a car license plate in certain countries - where if a camera takes a picture of a car breaking a traffic speed limit, that has the same plate as your car, looks like your car, then they expect you to either pay the (usually smaller) fine or identify the person responsible so that they can do it. Or challenge it in court and pay the full fine.
However in this case they want huge fines and the fines to go to them
Given the fact that wi-fi is so predominant these days and the fact that several access points are left unsecured as well as the fact that any particular access point routes to one of a number of IP addresses belonging to the same subscriber, an IP address is not a reliable way of determining who actually downloaded things illegally.
I have been a captive in America my entire life. Everybody and everything uses customary units instead of metric.
Yes you can. You can easily 'hijack' DNA from someone and plant it at the scene of your crime. Hair clippings, skin flakes, spit. You could even use it to commit the crime if you so desired, but you'll need a fair bit of hair to choke a full grown man. Could be fun though.
It's a bit like finding the get away car for the bank job in your house and all the neighbors agree you use it to drive to work.
Some drink at the fountain of knowledge. Others just gargle.
People can share IP addresses, but only twins share DNA?
Eww, incest is gross.
Their may be a grammatical error, misspeling, or evn a typo in this post.
This isn't the smoking gun you might be thinking it is. Until now, most piracy claims have been prosecuted under the idea that infringement must be willful. In other words, the prosecution has to prove intent. If you accidentally download, or stumble home late one night and while fumbling for the lights, happen to push the "download 300 gigabytes of copyrighted porn" button, intent is not satisfied. Of course, it's pretty hard to prove intent looking at network traffic -- how can you tell the difference between an action initiated by a human, and an action initiated by a computer program? Even if you can prove it's a human, can you prove which one? Digital forensics is still in its infancy, and it has clear and compelling limitations.
That's why, (drum roll please), we have crimes of strict liability. For example, possession of stolen property. Doesn't matter if you knew it was stolen. Doesn't matter if you checked all the registries for stolen products, the serial numbers -- there is simply no defense in cases of strict liability. It was found on your person or on your property and ta-da, guilty. I'll let someone with a more legal background get into why this is bad if they want in a reply, but short answer: Yes, it's abused. No, it won't stop anytime soon. This is what file sharing is moving towards -- you no longer have to prove intent, the act itself is now grounds to throw you in prison or fine you more than acts of major depravity, terrorism, murder, etc., would net you. Again, not how strict liability was sold when it came out, but that's how the way the doughnut's rolling these days.
What I'm getting at is that IP addresses might legally become evidence that the account holder did it... or it may not. But either way, it's still probable cause to search your computer, person, property, etc., and if they find ye ole pirate treasure, you're going to be just as screwed. And as a bonus, if you encrypt it or otherwise protect it from being searched, odds are good they'll tack on additional criminal charges as well, or simply hold you in contempt of court, which means indefinite jail time without appeal, trial, etc., for failing to surrender the encryption keys... even if you can prove a sudden case of total amnesia and are now a glorified vegetable who's main mode of communication is drool, you might still be rotting in jail the rest of your life.
God bless America.
#fuckbeta #iamslashdot #dicemustdie
The MAC address is only available on the home router. Home routers tend not to log this kind of information, because it would involve infrequent writes of small amounts of data to flash storage, which is a really great way to make it fail quickly. So in pretty much any case where the network wouldn't be secure, there would be no record of the MAC address.
Also, it's trivial to spoof a MAC address. E.g., just run bittorrent in a vmware virtual machine, and then blow it away when you're done—evidence gone, and the log will show that you are innocent.
The bottom line is that trusting IP addresses as personal identifiers is a really bad idea, which causes a great deal of social harm for a very small social benefit.
It can't identify a specific person. At all. The pigeonhole principle proves it irrefutably, since there are 4 billion possible IP's, but roughly 7 billion people on the planet. It is therefore impossible for an IP to uniquely identify an individual.
Although admittedly that particular argument isn't valid for IPv6... it's still true for a vast majority of IP addresses right now. Even under IPv6, however, it will probably still be the case unless (or until) we start directly associating unique IP's with particular people regardless of what kind of device they are utilizing, you still won't be able to associate an IP address with a particular person. At best, you can get only the subscriber who leased that IP. This may or may not be the individual, but an argument can be made (one that I don't fully agree with, but can see some valid reasoning behind) that a subscriber could be held accountable for activities on his or her subscription that they ought to have had the ability to supervise and approve of.
File under 'M' for 'Manic ranting'
and the people taking the blame would be guilty of no other crime than not understanding how networks operate.
Actually, they may understanding completely how networks operate, but have a device that requires the use of WEP (older wifi-enabled printers, anyone?). Don't assume that because something isn't secured to some arbitrary amount that the person who secured it was uneducated.
Also, there is some data left behind that could link it to you: Until the router is rebooted, it will probably maintain an ARP record (if not also a DHCP lease) in the memory of the device. That record will contain the MAC address of your wifi card, and possibly your computer name as well. People can and have been busted for this when, say, sending a death threat to the President. It turns out, the secret service does know a thing or two about this, and they pride themselves on doing anything necessary to find you, even if that means confinscating every computer in a given radius of that wifi router and comparing trace records to forensic data on each computer. Oh, and incase you're wondering -- as a matter of fact, no, the 4th amendment doesn't really apply when it comes to death threats against the president. Or any other law for that matter... they will find you.
#fuckbeta #iamslashdot #dicemustdie
Not only that, but the current testing methodology is questionable. Instead of matching the whole DNA sequence, they use a series of markers that a private company decided uniquely identifies a person. There is no evidence to support this. The statistical probabilities given that someone has the same DNA are based on the completely unsupported assertion that there is no genetic relation between these markers.
Not too many people have katana's, not too many people keep chopsticks in their silverware drawer. So you could argue that someone having both these things makes it highly unlikely the suspect is the killer. In reality, I'd venture most everyone with a katana also has chopsticks. Having both is slightly more statistically unique than having one but it is nowhere near as distinct as the individual probabilities of having these items would suggest. The same may well be true of these markers or of certain value combinations of them.
I wouldn't buy something based on a companies claim of statistical success because it is too easy to use selective information and to spin results. Why are we using this same kind of data to send people to prison.
Usually, DNA is enough to strongly link a person or persons to a scene, just like usually an IP is strong enough to link a person or persons to a scene.
Whether there's anything more than a correlation between those links is part of the job of law enforcement and the judiciary to sort out.
There are also many cases where there are strong doubts regarding the link between DNA or IP and a person being more than happenstance in a given situation.
The analogy is far better than many seen on Slashdot.
But at least DNA doesnt change every 2 weeks.
Some routers/firewalls do log the MAC address, so they COULD trace it back to you.
Bullshit. If I was going to use someone else's Internet connection for illegal activities, don't you suppose it might be a good idea to take 2 seconds to run a script that will switch me to a randomly generated MAC?
The only way to get caught would be for someone to pin down the radio signal while the connection was in process. Once the activities were complete, there would be no traceable evidence to be had.
MAC authentication is absolutely, literally, worthless from a security standpoint if you are using WPA2. Anyone who has the capability to crack WPA2 will necessarily have the ability to impersonate your MAC-- it is, I believe, a requirement to mount an attack against WPA2 in the first place. The fact that you have MAC auth turned on would probably not even be noticed by an attacker, and if it were, it would take all of about 5 seconds to get around.
The problem is NAT and DHCP, for which there are no parallels for with DNA.
NAT means that multiple individuals can share a single public IP, and short of the home router having logs, there is no way to differentiate between the computers behind the router based on their public IP.
DHCP means that not only might someone else have had your IP yesterday, but you might not even have your IP tomorrow, and the private IPs behind the NAT will likely shift as well.
Combined, the two of them MIGHT make an IP address sufficient for probable cause, but definitely not as a unique identifier.
In fact, if a person wanted to be really nasty about it, the following would be trivial to do:
1.) I passively monitor your WLAN in the evening.
2.) In the morning you leave for work, taking your laptop with you.
3.) I assign YOUR mac address to my pc and go about my illicit business.
Police come knocking on your door, check log files if your router has them, and right there in the logs is YOUR mac address from YOUR laptop correlated with the illegal activity.
Anyone who understands wireless networking, even a little, should know that the thought of an IP address being considered legal proof of identity is an absolutely TERRIFYING concept.
ARP records are flushed periodically, and arent really meant for logging. Theyre stored in RAM in basically every OS AFAIK, and would be lost on reboot. ARP records would NOT contain your computer name-- only IP and mac-- but thats not even foolproof. While the MAC address of a NIC can be tedious to alter, it is absolutely trivial to poison an arp cache so that bogus information appears in the cache.
The idea that ARP caches have been used to bust people I find rather hard to believe, since ARP is a layer 2 protocol and would not be leaked when sending ie a death threat to the president-- once those packets hit your router, the layer 2 information is stripped out and rewritten with the router's own info, which is then stripped and rewritten at the next hop. Only layer 3 information survives, and only until it hits a NATting router at which point that, too, is stripped.
Cases where people are busted tend to involve ISPs who can pull up logs of who owned what public IP, and that then leads to a warrant which allows a physical search, leading to incriminating evidence on the home computer. But in the absence of such evidence, there would be no way from a network standpoint to prove whether the owner of that connection had actually committed the crime in question.
Yes, the 4th amendment still applies, but that doesnt mean a warrant cannot be issues. The 4th amendment specifically lays out circumstances in which your "right to be secure in person, houses, papers, and effects" may be violated.
People can share IP addresses, but only twins share DNA?
http://en.wikipedia.org/wiki/Chimera_(genetics)#Human_chimeras
While the MAC address of a NIC can be tedious to alter
1.) Boot a backtrack iso
2.) Run macchanger -r eth0
There you go, you're now operating under a randomly generated MAC address.
Not too tedious, IMHO.
But at least DNA doesnt change every 2 weeks.
Logs will show who had which IP at which time. This is a non-issue.
I want to believe the court will rule that IP addresses don't prove which person used the equipment which held the address. It is consistent with how we treat cars, license plates, and drivers. Your plate is not enough for say a traffic offence, because you may not have been driving.
But I just can't justify faith in the system anymore. Honestly if I was going to bet a large percentage of my money on this, I would bet on the most authoritarian or fascist outcome possible. I would bet that the copyright cartels will get their way, even if the judge is fully aware this will result in innocent people being blamed for infringement they didn't actually do. Sadly I would probably win that bet. The courts have long ago decided that elaborate legal theories are more important than preserving and defending liberty.
I guess judges assume they are in the ruling/political class so the fascist laws they keep validating will never be used against them personally? That makes it okay, right? Somehow, in their minds? Just like so many politicians assume the massive debt won't be a real problem until long after they're out of power, so that makes it okay to them. The lowest worm or maggot is better than these people because it can't help being what it is. These people choose to be what they are.
Instead of matching the whole DNA sequence, they use a series of markers that a private company decided uniquely identifies a person. There is no evidence to support this.
What private company? And nobody has asserted that it matches a unique person, but that it's a 99.something% match. Run that through a database containing everyone on the planet, and you get a few million positive hits, all but one an error. But that's great reliability. If you run it against the top 10 suspects, then you have better than a 99% chance it's the one that you got the match on. That's enough for a conviction, in most cases.
Learn to love Alaska
ARP records would NOT contain your computer name
*facepalm* I also mentioned the DHCP lease data, which would. You missed that.
The idea that ARP caches have been used to bust people I find rather hard to believe, since...
Since you can't imagine a death threat being sent and then the secret service not showing up ASAP? You think they just sit around going "hmm, should we deal with this now, or after tea and crumpets?" No -- their response time is in hours. It's a job requirement that their sense of humor be surgically removed. The ARP data will likely still be in RAM, and yes, you crack open the device, and then remove the ram (or hook clips up to the debugging ports, etc., while it is powered on), chill it, and transfer it to a reader device to extract its contents. This is not theoretical: This has been proven, the people who wrote TrueCrypt describe this particular attack in great detail in their disclaimers and limitations documentation.
And yes, there are workarounds, there are always workarounds... But are dozens of things you need to do to cover your trail, and each of those things that you do reduce the pool of potential suspects. As well, you aren't considering the other evidence that may be available -- a witness to your car being parked outside a few hours before the guys with shotguns showing up, for example. The home security camera on the neighbor's house you didn't notice. The ANPR system of the gas station you drove by on the way to the street you parked outside of. The list goes on.
Only layer 3 information survives, and only until it hits a NATting router at which point that, too, is stripped.
Yes, congratulations, you have a basic understanding of protocols. But you apparently don't understand implimentation of them in hardware, software, and firmware very well, and you're even worse at looking at the total system -- which includes things like statistical analysis, looking at words and speech patterns, timing delays in the data, other data your computer may accidentally chirp (like windows update, which sends a GUID). There's a hundred ways they can hang you -- and you only need to screwup once. Even NAT leaves traces in memory -- All it requires is a single missed ACK during the close of a TCP session, or sending any UDP data, and the state table data may remain there for minutes, hours, even days. Many NAT implimentations in firmware have problems with memory leaks caused by faulty code. Guess what's in the leak?
Cases where people are busted tend to involve ISPs who can pull up logs of who owned what public IP, and that then leads to a warrant which allows a physical search, leading to incriminating evidence on the home computer. But in the absence of such evidence...
All ISPs are required by law to store that data; They have had to for years. Also, the government has been consolidating existing wiretapping efforts into a supermassive data center intended to store detailed and comprehensive records of all communications on the internet domestically. They don't necessarily need the ISP's assistance -- though it may speed up the execution of a search warrant.
Yes, the 4th amendment still applies, but that doesnt mean a warrant cannot be issues. The 4th amendment specifically lays out circumstances in which your "right to be secure in person, houses, papers, and effects" may be violated.
You made a terroristic threat. Maybe you missed the memo, but since 9/11, all you need to do is mention the word 'terrorist' and you have no civil rights. They're detaining people in Guantanamo and elsewhere in the world without trial or charges being brought against them. A guy who merely accidentally bumped into the President spent several months in jail without a trial just last year. A government that has spent many trillions of dollars and bankrupted itself to protect against terrorism is not going to be held up by some internet critic's interpretation of the fourth amendment. The word "unreasonable" will be made to be amazingly elastic if you decide to attempt the aforementioned crime.
#fuckbeta #iamslashdot #dicemustdie
In windows, if you have a "good" driver, open the device properties. Go to the advanced tab. Set the MAC to whatever you like. You don't need to boot a new OS to do so.
Learn to love Alaska
The difference between my examples and yours is that the ones I mentioned actually DO happen. What world is it you live in where everyone correctly secures their PC and WiFi and never leaks a password?
The DNA tests are fine. The problem is that too many people watch CSI and don't know what statistics mean.
While 100% accurate, the problem is that part of these "too many people" are the police, the judges and jury.
What private company? And nobody has asserted that it matches a unique person,
Ahem ahem ahem.
I'm sorry, I was caught by a sudden cough. Do continue...
but that it's a 99.something% match. Run that through a database containing everyone on the planet, and you get a few million positive hits, all but one an error. But that's great reliability. If you run it against the top 10 suspects, then you have better than a 99% chance it's the one that you got the match on. That's enough for a conviction, in most cases.
Yes, I completely agree. Unfortunately, while you show much clue in the field of statistics, you show very little clue in the field of human behavior.
DNA is routinely used, not to narrow down the suspects pool, but in order to find the suspect to begin with. That is why DNA databases are so lucrative for law enforcement. Quite often, a finger gets pointed at someone because police already had his DNA for an unrelated reason. As I'm sure you understand, this kind of use is precisely the kind where GP's concerns are justified.
Shachar
I see you still can't hijack their bodies, and need to use technical measures.
Please return your evil overlord card.
morcego
Usually, DNA is enough to strongly link a person or persons to a scene, just like usually an IP is strong enough to link a person or persons to a scene.
Except that in this case, the plaintiff likely presented only a list of IP addresses, dates and a name of a torrent. I can create a list like that in a few minutes using Excel and the "RAND()" function. The relatively strict rules that apply to collection and custody of evidence like DNA samples is nowhere to be found in these copyright cases.
The whole point of these cases is not to go to trial, but rather to get a payout with little expenditure of money. Most of the firms that are pursuing these sorts of cases just ignore ones that have any opposition after they get contact information. Almost every case that actually involves a trial is about fighting to be allowed to easily obtain contact information and send extortion letters.
So, if the stats about file sharing are accurate, using randomly generated IP addresses and times in the initial discovery request would likely never be uncovered, because there would be enough people who are scared into settling. This is especially true in this case, where porn is involved. As long as the contact info they get hits people who downloaded porn (any porn), they're likely to get a decent settlement rate.
The only way to get real evidence of file sharing is too much work for the payout, as the copyright holder would have to download a relatively large chunk of the infringed work (or possibly all of it if it was a split RAR file) from every defendant's computer. This would require a well-behaved torrent client (to avoid things like disconnection for bad data) but modified to store each copy of the downloaded data separately, and to never upload (since uploading would be similar to entrapment in a criminal case). Next, the computer used to do this downloading would have to be in some way "frozen" to keep from altering any of the proof, while still allowing access to that proof for generation of the lawsuit. Last, the copyright holder would have to allow experts for the defense access to the "frozen" computer that was used to do the downloading.
Run that through a database containing everyone on the planet, and you get a few million positive hits, all but one an error.
No you won't. There are 13 standard Loci with something like 10 Alleles or more at each marker. So that is something like the chance of a "random" match as one in 10^-12. This is both correct and wrong. First many of these 13 markers have more than 10 alleles and the provability is closer to something like 10^-15. Its wrong in that its not random, you share about 50% of these markers with your father for example. Even population wide this does reduce the randomness. Then there is a birthday paradox. But that does not apply in this case since you are matching the database to a given profile. So with 7 billion humans in the database, chances are that there is just one hit. Not millions. You would be very lucky to get more than one.
When comparing to a 100 suspects that are not related (remember the profile will tell us if they are related.) You are more like 99.99999999% sure. Even far more than that.
Yes this is directly related to my day job.
The Grey Goo disaster happened 3 billion years ago. This rock is covered in self replicating machines!
My old wardriving rig had a new MAC address from a randomly selected vendor every time it booted up. Hell, the only consistent thing about it would've been the fact that it intentionally excluded two of the medium-common vendors -- one being its own, the other being an extra exclusion to not be blatantly obvious if it was ever tracked.
It's a basic command that can be ran on nearly any decent linux system that doesn't have a completely crap card.
MAC filtering is about as valuable as locks on car doors -- except at least if someone smashes your car, there's blatant evidence afterwards. With MAC cloning, the only evidence you might have is an interruption of service if you happened to be on at the same time. And that's only if your attacker was naive, or the network was configured better than most ones are in reality. Thank you arpping.
Yes, you should use MAC filtering, for the same reason you should lock the front door to your house. But you shouldn't count on it to protect you from anyone but utter incompetents.
IPv6 will still only get you the residence. Privacy address are used by default for out going connections and are changed regularly by the OS. If you run a server then you advertise a service the you use the stable address in the DNS which is constructed from the MAC if using SLAAC.
The address tagged as temporary below will be different this time tomorrow and they are the ones your browser uses when it wants to talk to the world.
% ifconfig en1 inet6
en1: flags=8863 mtu 1500
inet6 fe80::6233:4bff:fe01:7585%en1 prefixlen 64 scopeid 0x5
inet6 fd92:7065:b8e::6233:4bff:fe01:7585 prefixlen 64 autoconf
inet6 fd92:7065:b8e::9839:c2cc:8436:dd0b prefixlen 64 autoconf temporary
inet6 2001:470:1f00:820:6233:4bff:fe01:7585 prefixlen 64 autoconf
inet6 2001:470:1f00:820:2c19:2778:d2ee:a35b prefixlen 64 autoconf temporary
%
Actually if you can reasonably show you are unaware of who was driving, you CAN return the NIP (notice of intention to prosecute) with said information.
Maybe, but that is contrary to the information they provide on the NIP.
1) Not receiving the NIP in a timely manner - usually receipt outside of 14 days will be accepted here
Untrue - I received an "intent to prosecute" (or whatever they call the one you get if you don't respond to the NIP) a few years ago. I had never received the NIP, so I challenged them. They resent the NIP and gave me an extension, but they flatly said that this was a good will gesture and that legally they are deemed to have served the NIP if they have proof of posting. If the Royal Mail lose it, tough shit, you're still in the wrong for not having replied to the NIP you never received.
Yes, you can challenge this in court, and you may even win, but can you take the risk? The fixed penalty notice usually gives you the choice of a "training course" (no points) or points, making any kind of legal challenge causes the immediate withdrawal of the offer of a training course, and the courts can (and do) award much stiffer penalties than the fixed penalty notice if you lose.
The way the law applies to the police is, of course, completely out of line with the way it applies to the general public - several years ago I had to serve a legal notice, and I had to employ a process server to ensure it got there - a court would not have accepted just a proof of posting (or even a recorded delivery proof of receipt!)
http://blog.nexusuk.org
If I remember correctly there are actually two companies that sell almost all DNA testing supplies to crime labs in the US and they pick the genetic markers that are used. So while DNA profiling is not specifically tied to a single set of markers dictated by a private company, that is the practical result.
That probability you speak of is based on the assumption that the DNA markers being used have no correlation. That assumption is not factual. And 99% is nowhere near enough to meet a "beyond a reasonable doubt" burden. That means one in a hundred are false positives. That isn't even good enough to uniquely identify a staff member at many local businesses let alone uniquely identify a suspect for criminal conviction. There are 45 murder cases a day in the US. These days there is at least one DNA sample involved in most of them. At 99% that would mean at least one false positive at least once every couple days.
If the odds aren't good enough for a casino or lottery ticket to pay out a ten million dollar jackpot they are nowhere near good enough to provide the basis for convicting potentially innocent people. It is better to let a hundred guilty guys off than to wrongly imprison a single innocent person.
"When comparing to a 100 suspects that are not related (remember the profile will tell us if they are related.) You are more like 99.99999999% sure. Even far more than that. "
Wrong. The reliability of the person doing the testing accurately is not anywhere near 99.99999999% or even 99.999% and represents the absolute maximum assurance the test can provide. That is comparable to saying something weighs 1.34545g when your scale is only accurate to +/- .1g.
The lack of randomness does not make DNA profiling a better indicator, it skews the odds the other way. It proves that there are relationships in these markers. If I have a one byte binary number you can say that there are 2^8 possible numbers so the chances of a randomly picked number matching mine are 2^8. But the moment that number has a meaning the uniqueness of the indicator drops. If it is human readable English text then there are only 96 possibilities and my random selection now has a 1 in 96 possibility of matching. If it was a "random" keypress the odds become much better and a simple number can no longer express the odds because some numbers are more probable than others, for instance if my random key is a home row key the odds are dramatically better than 96 to 1. More like 20 to 1 and even within the home row some keys are more likely than others.
The point being, while we suspect these markers are very unique, there definitely have not been any studies on a sample set nearly large enough to assert a 1 in 99.99999999% probability with any degree of confidence. Those type of odds assume there is no relation between these markers and any relation can drop the real probability by several orders of magnitude.
You can't expect a judge to be an expert on everything they have to rule on. That's why they call in true experts to testify about technical problems. The problem here has been that the "experts" spouting commentary toward the courts so far have come from "digital forensics" firms hired and paid for by the copyright owners--the ones who are also selling them with the premise of "yes, we can find the pirates for you".
Unfortunately, the individuals being sued in these cases so far haven't been able to provide similarly persuasive experts arguing against those claims. For any one person, it's cheaper to pay the protection money to drop the case than fund such a thing. Well, the wide nets they cast have finally caught the wrong fish this time. One of the "John Does" in this case has gotten the court to read a long paper on the issues around assuming IP address==identity and consider the arguments. The court record has entered "explanations as to how computer-based technology would allow non-subscribers to access a particular IP address" as a serious counter claim.
The really nice part is that the way the case is being constructed, the legal fees from the defendants will fall due on the copyright holder if they lose, if it's proven this was a frivilous, unfounded lawsuit all along. That makes the risk/reward on the defense legal budget here a whole different game than the normal big company vs. single person harassment that companies have been getting away with.
It's clear from the briefing the judge is not just suspicious of IP address identification, they have picked up on that part of the odious way these copyright trolls work, and they don't like that. They're not buying the idea that they should be able to use the court to help identify people, get their contact info from their ISP, and then move onto directly threatening them--outside of the court system.
Star Wars?
You can use it to help you identify the miscreant. Its just not definitive on all cases, everywhere, all the time which is what some companies would like the courts to believe.
a trial is "necessary to find the truth." ???
Wouldn't an experiment or a demonstration be more in order?
Or is that what the trial is to consist of?
all the best,
drew
FreeMusicPush If you want to see more Free Music made, listen to Free
So what does Starbucks do? Who shares their wifi with everyone? And other businesses? Is Starbucks guilty of anything their customers do on their wifi? And if they are legally allowed to share it, why can't an individual? Different laws for business vs individual? I see no reason why it would be inherently unethical and therefore must be against the law for a person to share his wifi with a stranger. It would also be a tough sell to say that legally you're responsible for anything done on your network, because you're an individual and not a business.
In fact, if a person wanted to be really nasty about it, the following would be trivial to do:
1.) I passively monitor your WLAN in the evening.
2.) In the morning you leave for work, taking your laptop with you.
3.) I assign YOUR mac address to my pc and go about my illicit business.
You mean while I'm at work with said laptop with a lot of witnesses and firewall logs proving that I wasn't connected to the house? That would seem to be an even better indication that there was some funny business going on.