Slashdot Mirror
Judge Orders Piracy Trial To Test IP Address Evidence
another random user sends word of a case in Pennsylvania District Court in which Judge Michael Baylson has ordered a trial to resolve the issue of whether an IP address can identify a particular person. The plaintiff, Malibu Media, has filed 349 lawsuits against groups of alleged infringers, arguing that getting subscriber information from an ISP based on an IP address that participated in file-sharing was suitable for identification purposes. A motion filed by the defendants in this case explains "how computer-based technology would allow non-subscribers to access a particular IP address," leading Judge Baylson to rule that a trial is "necessary to find the truth."
"The Bellwether trial will be the first time that actual evidence against alleged BitTorrent infringers is tested in court. This is relevant because the main piece of evidence the copyright holders have is an IP-address, which by itself doesn't identify a person but merely a connection. ... Considering what's at stake, it would be no surprise if parties such as the Electronic Frontier Foundation (EFF) are willing to join in. They are known to get involved in crucial copyright troll cases, siding with the defendants. We asked the group for a comment, but have yet to receive a response. On the other side, Malibu Media may get help from other copyright holders who are engaged in mass-BitTorrent lawsuits. A ruling against the copyright holder may severely obstruct the thus far lucrative settlement business model, meaning that millions of dollars are at stake for these companies. Without a doubt, the trial is expected to set an important precedent for the future of mass-BitTorrent lawsuits in the U.S. One to watch for sure."
People can share IP addresses, but only twins share DNA?
From the comfort of my living room I can connect to no fewer than 6 access points that don't belong to me. 2 more if I wanted to take 5 minutes to crack a few WEP passwords. If I had a mind to I could use them to download movies, music. If I really wanted to cause trouble there are plenty of worse things I could do.
There would be absolutely no way to trace that activity back to me, and the people taking the blame would be guilty of no other crime than not understanding how networks operate.
Spoofing another person's DNA would be *slightly* more challenging.
Your DNA can get nearly anywhere very easily. If you get unlucky, you could be framed for a crime or at least it will appear that you did the crime.
DNA isn't as accurate as some make it out to be.
An IP address can _help_ positively identify a person. :) ).
;).
It can definitely negatively identify a person - if the public IP is different it wasn't you doing it (assuming you weren't using that public IP
If the download was made by the IP of your internet connection at that time, then it's evidence that something using your connection was doing the downloading. If they find other corroborating evidence that it's you - e.g. the downloaded file is on your computer, in your personal folders, shows up in your download history, the computer is not normally shared, there's no malware or remote control software, then it's likely to be downloaded by you.
But an IP sure isn't sufficient alone in itself. The **AA probably want it to be like a car license plate in certain countries - where if a camera takes a picture of a car breaking a traffic speed limit, that has the same plate as your car, looks like your car, then they expect you to either pay the (usually smaller) fine or identify the person responsible so that they can do it. Or challenge it in court and pay the full fine.
However in this case they want huge fines and the fines to go to them
People can share IP addresses, but only twins share DNA?
Eww, incest is gross.
Their may be a grammatical error, misspeling, or evn a typo in this post.
This isn't the smoking gun you might be thinking it is. Until now, most piracy claims have been prosecuted under the idea that infringement must be willful. In other words, the prosecution has to prove intent. If you accidentally download, or stumble home late one night and while fumbling for the lights, happen to push the "download 300 gigabytes of copyrighted porn" button, intent is not satisfied. Of course, it's pretty hard to prove intent looking at network traffic -- how can you tell the difference between an action initiated by a human, and an action initiated by a computer program? Even if you can prove it's a human, can you prove which one? Digital forensics is still in its infancy, and it has clear and compelling limitations.
That's why, (drum roll please), we have crimes of strict liability. For example, possession of stolen property. Doesn't matter if you knew it was stolen. Doesn't matter if you checked all the registries for stolen products, the serial numbers -- there is simply no defense in cases of strict liability. It was found on your person or on your property and ta-da, guilty. I'll let someone with a more legal background get into why this is bad if they want in a reply, but short answer: Yes, it's abused. No, it won't stop anytime soon. This is what file sharing is moving towards -- you no longer have to prove intent, the act itself is now grounds to throw you in prison or fine you more than acts of major depravity, terrorism, murder, etc., would net you. Again, not how strict liability was sold when it came out, but that's how the way the doughnut's rolling these days.
What I'm getting at is that IP addresses might legally become evidence that the account holder did it... or it may not. But either way, it's still probable cause to search your computer, person, property, etc., and if they find ye ole pirate treasure, you're going to be just as screwed. And as a bonus, if you encrypt it or otherwise protect it from being searched, odds are good they'll tack on additional criminal charges as well, or simply hold you in contempt of court, which means indefinite jail time without appeal, trial, etc., for failing to surrender the encryption keys... even if you can prove a sudden case of total amnesia and are now a glorified vegetable who's main mode of communication is drool, you might still be rotting in jail the rest of your life.
God bless America.
#fuckbeta #iamslashdot #dicemustdie
Not only that, but the current testing methodology is questionable. Instead of matching the whole DNA sequence, they use a series of markers that a private company decided uniquely identifies a person. There is no evidence to support this. The statistical probabilities given that someone has the same DNA are based on the completely unsupported assertion that there is no genetic relation between these markers.
Not too many people have katana's, not too many people keep chopsticks in their silverware drawer. So you could argue that someone having both these things makes it highly unlikely the suspect is the killer. In reality, I'd venture most everyone with a katana also has chopsticks. Having both is slightly more statistically unique than having one but it is nowhere near as distinct as the individual probabilities of having these items would suggest. The same may well be true of these markers or of certain value combinations of them.
I wouldn't buy something based on a companies claim of statistical success because it is too easy to use selective information and to spin results. Why are we using this same kind of data to send people to prison.
The Internet is meant to be open and free. You clearly oppose that because you believe that it's easier to adopt a Tough On Crime mentality than to do some actual police work. It's much easier to just throw your arms up and say "I don't know who did this, so we're punishing you!" than to accept that you can't get all the 'bad guys'.
If you intentionally leave your wifi open, and someone uses that connection to commit a real crime with real consequences, then why should you, the owner of the router, not take some responsibility for it?
If normal people can't get away with it, businesses shouldn't be able to, either.
MAC authentication is absolutely, literally, worthless from a security standpoint if you are using WPA2. Anyone who has the capability to crack WPA2 will necessarily have the ability to impersonate your MAC-- it is, I believe, a requirement to mount an attack against WPA2 in the first place. The fact that you have MAC auth turned on would probably not even be noticed by an attacker, and if it were, it would take all of about 5 seconds to get around.
In fact, if a person wanted to be really nasty about it, the following would be trivial to do:
1.) I passively monitor your WLAN in the evening.
2.) In the morning you leave for work, taking your laptop with you.
3.) I assign YOUR mac address to my pc and go about my illicit business.
Police come knocking on your door, check log files if your router has them, and right there in the logs is YOUR mac address from YOUR laptop correlated with the illegal activity.
Anyone who understands wireless networking, even a little, should know that the thought of an IP address being considered legal proof of identity is an absolutely TERRIFYING concept.
The DNA tests are fine. The problem is that too many people watch CSI and don't know what statistics mean.
While 100% accurate, the problem is that part of these "too many people" are the police, the judges and jury.
What private company? And nobody has asserted that it matches a unique person,
Ahem ahem ahem.
I'm sorry, I was caught by a sudden cough. Do continue...
but that it's a 99.something% match. Run that through a database containing everyone on the planet, and you get a few million positive hits, all but one an error. But that's great reliability. If you run it against the top 10 suspects, then you have better than a 99% chance it's the one that you got the match on. That's enough for a conviction, in most cases.
Yes, I completely agree. Unfortunately, while you show much clue in the field of statistics, you show very little clue in the field of human behavior.
DNA is routinely used, not to narrow down the suspects pool, but in order to find the suspect to begin with. That is why DNA databases are so lucrative for law enforcement. Quite often, a finger gets pointed at someone because police already had his DNA for an unrelated reason. As I'm sure you understand, this kind of use is precisely the kind where GP's concerns are justified.
Shachar
Run that through a database containing everyone on the planet, and you get a few million positive hits, all but one an error.
No you won't. There are 13 standard Loci with something like 10 Alleles or more at each marker. So that is something like the chance of a "random" match as one in 10^-12. This is both correct and wrong. First many of these 13 markers have more than 10 alleles and the provability is closer to something like 10^-15. Its wrong in that its not random, you share about 50% of these markers with your father for example. Even population wide this does reduce the randomness. Then there is a birthday paradox. But that does not apply in this case since you are matching the database to a given profile. So with 7 billion humans in the database, chances are that there is just one hit. Not millions. You would be very lucky to get more than one.
When comparing to a 100 suspects that are not related (remember the profile will tell us if they are related.) You are more like 99.99999999% sure. Even far more than that.
Yes this is directly related to my day job.
The Grey Goo disaster happened 3 billion years ago. This rock is covered in self replicating machines!