The source is an article in news.com.au, home of Rupert Murdoch. The businessman who is preparing to turn the Wall Street Journal into a supermarket tabloid. He's in the business of selling papers, and has a history of doing whatever it takes to make them sell.
TFA shows it to be "in the works", and not, as the blurb says, passed into law. It may well end up being passed, but it doesn't look like it has been yet.
S.704 Title: A bill to amend the Communications Act of 1934 to prohibit manipulation of caller identification information. Sponsor: Sen Nelson, Bill [FL] (introduced 2/28/2007) Cosponsors (4) Latest Major Action: 6/27/2007 Senate committee/subcommittee actions. Status: Committee on Commerce, Science, and Transportation. Ordered to be reported with an amendment in the nature of a substitute favorably.ALL ACTIONS:
2/28/2007:
Sponsor introductory remarks on measure. (CR S2360-2361) 2/28/2007:
Read twice and referred to the Committee on Commerce, Science, and Transportation. (text of measure as introduced: CR S2361-2362)
6/21/2007:
Committee on Commerce, Science, and Transportation. Hearings held.
6/27/2007:
Committee on Commerce, Science, and Transportation. Ordered to be reported with an amendment in the nature of a substitute favorably.
Its companion bill did pass in the House: H.R.251 Title: To amend the Communications Act of 1934 to prohibit manipulation of caller identification information, and for other purposes. Sponsor: Rep Engel, Eliot L. [NY-17] (introduced 1/5/2007) Cosponsors (31) Latest Major Action: 6/13/2007 Referred to Senate committee. Status: Received in the Senate and Read twice and referred to the Committee on Commerce, Science, and Transportation. House Reports: 110-188MAJOR ACTIONS:
1/5/2007 Introduced in House 6/11/2007 Reported (Amended) by the Committee on Energy and Commerce. H. Rept. 110-188. 6/12/2007 Passed/agreed to in House: On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote. 6/13/2007 Referred to Senate committee: Received in the Senate and Read twice and referred to the Committee on Commerce, Science, and Transportation.
How do you explain [Cuban] people risking their lives and the lives of their families to escape?
The same way you explain everybody else who risks their lives in order to sneak into the US? You know, maybe the ones that the big national debate on "amnesty" is about? Cubans get automatic "amnesty", they don't have to worry about being rounded up by the cops, like the rest of the "illegals".
If you are emailing about killing the president while a police officer is watching bits go by in the air (which is not anything like a wire tap), then that officer will rightly arrest you.
You seem to be narrowing the case from general email snooping, to snooping email by sniffing radio traffic.
I must disagree. Monitoring the bitstream is very much like tapping a party-line telephone (or listening to all the calls on your party line with your hand over the mouthpiece). I believe that US law supports this view. I don't see any difference between the cases where the bitstream is carried by radio, wire, or fiber, except that in the case of radio, you can do the tap without a physical connection.
In any case, snooping email is not normally done by monitoring the bitstream. It is done by examining stored copies of the email. And we seem to agree that a court order should be required to do that.
The police need the warrant to get into your filing cabinet, but if they see the postcard/email while its in the mail/flowing over a public line, then I can see that being reasonable.
How is that part different from tapping your telephone?
Of course encrypted email is more secure, but that's a second (different) issue. The same would be true for mail, if the letter inside the envelope is encrypted. Where the postcard analogy falls down is that with email, there is almost no legitimate way anyone else will accidently see it (except admins doing maintenance.. and statistically the odds of that happening for any given piece of mail are very very low).
An analogy that is even less innately private is radio. Plaintext radio can be overheard by anyone who happens to be listening. Everybody (except for cellphone users) knows that. Yet one of the very first things you learn when you prepare for an FCC license exam is that a 1936 law prohibits you from divulging any private message you hear to anyone but the intended recipient. 72 years ago, they understood that privacy could be expected even though it was technically easy to listen in.
A postcard, or a plaintext email, is like the front seat of your car: you have very low expectation of privacy because it's in plain public sight. A cop who pulls you over for a minor infraction will see your drugs sitting in the passenger seat and ask you about them.
So you're saying that if your ISP lets a cop root through all the user mail, maybe because he really needs to get that url so he can get some viagra, that if he accidently looks at your mail and sees something, he can take action. Somehow this seems like an implausible scenario. No, it's not "in plain public sight". The Electronic Communications Privacy Act makes that quite clear. I can't look over your way and just happen to see your email. Do ISPs let cops randomly paw through user mail in pursuit of "a minor infraction"? Well, aside from ATT, who apparently handed them the keys and said "take what you want".
However, we absolutely, positively refused to provide subscriber information without a court order of some kind, however. I would like to think that most ISPs operate to the same standards we did
I would like to think that no ISP would ever spy on me or keep records of my activities. I would like to think that no ISP would provide data without a court order. Unfortunately, what I would like to think bears little relation to what actually is. And my understanding is that the (US) government no longer requires a court order to demand such things.
there are Real world measurements at which BMWs are superior
Indeed, but remember, I excluded "testosterone". That pretty much covers the "looks" and "status" that "add value to my product" (by which I suppose you mean, me.. somehow, I think it's unlikely that any car is going to make me all that much more attractive).
I'm willing to bet that a new BMW breaks down a lot less often than a 12 year old Ford.
Could be, but I didn't specify "new". How's a 12 year old BMW going to compare? I expect the BMW is better built, but at that age it depends more on how the car has been driven and taken care of over the years. When it does break down, which is going to be easier to find parts and service for?
Comfort
Gotta concede that point to BMW. Bigger, better seats, certainly quieter. Might be a more important point if I spent my days driving, but who'd want to do that?
Safety
Another point for the BMW, if it's not a convertible. But a lot of that is due to the fact that it weighs more. If you wanted to be really safe, you'd drive a Kenworth, and you wouldn't even notice the bump when you squashed a BMW.
The only positive point for driving an old junker is cost.
Well, if we include environmental issues along with cost (I probably get better mileage than the BMW, and it consumed less energy to make my car). But few people are in a position to say, "cost is no object". I don't need the car as a crutch to attract [chicks | dudes | wealthy patrons], and not spending money on the car means I can spend it on other things. Or work a little less. Like I said, it gets me from Point A to Point B, it's not a surrogate sex organ.
Most people looking at computers are looking for the cheapest thing (I know from shopping with my relatives).
And, you know, most of the time* the cheapest thing will do the job just fine. I'm a tech worker, and a year ago I bought the cheapest Acer laptop they had for $400. What do I use it for? Ah.. the web, spreadsheets, a little word processing (nasty keyboard, but all laptops have nasty keyboards). I do understand the features of a top end machine, and I can appreciate them. But for most of what most people do, the cheapie is entirely adequate, they'll never see much for that extra thousand bucks.
Some of us just want to get from Point A to Point B. And yeah, I drive a 12 year old Ford Aspire (the car with the name that sounds like a pulmonary emergency). It gets me from Point A to Point B just fine. Sure, the BMW will go faster, but I don't need the speeding tickets. You want to compare total cost per mile with that BMW? I can't think of any objective real-world measure by which the BMW is superior, if we exclude those involving testosterone.
_______ *Most people don't spend a lot of time playing intense games. Really.
An Anonymous Coward said: And to be clear, MS is not talking about low-level consumers (such as the individuals using Blackberries). They are talking about big companies that have deployed F/OSS in their core business structure...
I think tactically they wouldn't go after individuals. Not enough payback and too much PR damage. But I am not aware that they have waived the right to do so. They could indeed choose to emulate the RIAA approach. I don't know what they will do. Do you?
There is a lot of american cuisine. Spinach Salad Waldorf Salad... on and on and on...
Big Macs White Castles Pop Tarts Pringles Kool Aid microwave popcorn hominy grits Diet Coca-Cola Scrapple Hostess Twinkies Budweiser...oh, never mind. I admit I'd never heard of garbage plate, but it appears to be limited to 0.001% of the country, so it makes more sense to call it a curiousity than cuisine.
1. It doesn't download the whole file from your system. Which means that they can't really show that you have the file
I haven't seen the OA, because part of it is slashdotted. But, presuming they have the SHA1 (and perhaps TTH) hashes from the victim, and a bit-identical sample (compared to the whole file they downloaded from somewhere else), that may be close enough. (I don't know if they restrict themselves to victims who have files with matching hashes, or even make any check for file bogosity, though. Given that they're on record as threatening to sue people who simply had an offending character string in the filename, they may not.)
2. It doesn't really prove it was you, it just logs it to an IP address
This would seem to be the weakest of their points.
3. It currently doesn't do bit torrent, just other P2P systems
Gnutella/G2 and eD2K specifically. Maybe. But what makes you think this is their only tool? We do know they've sued Kazaa and bit torrent users as well. And Shareaza (the OSS source their program is apparently based on) does do bit torrent, so it doesn't seem like a big step, except maybe for the fact that bit torrent doesn't provide an automatic search mechanism.
Their system is not airtight. But for a lawsuit they don't need to meet the standard of proof that a criminal trial needs.
Vacuum tubes ALWAYS emit light when working, because of they way they are built.
Only if they have glass envelopes. There are plenty of vacuum tubes that had metal envelopes (as mentioned in the very same reference you gave), and they emit nothing but heat. Metal tubes were often seen in '40s-'50s auto radios and in the cheap "All American 5" AC/DC sets, and are still common in high-power applications.
Certainly you have the domain "owner" that ought to have a legal address somewhere.
Yup. >Registrant: >Domains by Proxy, Inc. >DomainsByProxy.com >15111 N. Hayden Rd., Ste 160, PMB 353 >Scottsdale, Arizona 85260 >United States
So you need to deal with their lawyers first. That assumes that they know. The webmaster and the nameservers are in the Netherlands. But (if you do find him) I'm sure he'll be impressed by a subpoena from Utah.
Of course, if you want to shorten log retention further than Google's "only 2 years!", you can go through a proxy like Anonymizer or Tor. If the fullbore proxies are too much of a hassle, there's always the search proxies like Scroogle Scraper (where the log retention is 48 hours).
Another approach is to poison the data mine with TrackMeNot by generating thousands of random searches in the background.
The better that I was talking about is that when you brain fart and run out of gas
Nowdays most cars have gas gauges. I think VW was the last to get one, and that was in 1962. I think that in all the years since them, I've run out of gas once. Because I was a moron and pushed my luck. If I'd had to pay $100 for a service call, it would have served me right.
You really think we need to have our transport system designed so that people who are being idiots won't be put to any additional expense?
If the period of notice is less than 3 months, the expiry of the period of 3 months commencing with the day on which the notice is given or on such earlier date as the Chief of Defence Force may [from time to time prescribe
Ah, but that's the army. We're talking about civilian jobs.
In the USA you're not allowed to quit your army job. They can throw you in prison or shoot you for that. We cut a little more slack for civilians, though.
However, he still posted in the wrong place. He should have filed a bug report through regular Apple Developer channels. Anyone can file a bug report, you just have to sign up for a free Apple Developer Connection account.
Wow. Is that what they mean when they say Apple is user-friendly?
Likewise. A $400 Aspire 3620 (hey, I'm cheap, I've got real computers too, why waste money on the laptop when even the best ones have crappy keyboards and are hard to fix when they get old and break). And it doesn't seem to have come with lunchapp.ocx, either.
How can they prove - beyond reasonable doubt or even more likely than not - that they actually downloaded the files from the suspect
In a civil case (lawsuit), "better than even odds" is the standard. I'd think that a sworn (notarized) statement from whoever did the download would probably suffice. Especially if other evidence suggests the defendant was probably sharing files. Though one might want to ask questions to see if the person making the statement actually did know what they were talking about (e.g. that the software did connect and download exclusively from a single IP number, that the date and time stamps are accurate, how it was determined that the file downloaded was in fact infringing).
Of course, determining with any certainty what computer was behind the router, and who was operating it, is more difficult. But it will probably be up to the defendant to show that there's serious question as to that.
How do you prove that the contents of the "shared" folder were actually shared with third parties?
Indeed. A friend has a computer that runs P2P file sharing. The P2P program displays the number of query hits and uploads (for session and lifetime) for each file that is shared. Some of the files have never been downloaded. Granted, those tend to be files with names that either are completely uncommunicative ("H325B", "AnalogWholev099022.exe"), music by extremely obscure artists, and/or files that have recently been added. The friend did once receive a DMCA takedown notice for a movie which he did not possess or share. The file described in the notice as that movie was actually an mp3 of a performance that may, or may not, have been used in the movie (the performer's record label was owned by the same conglomerate that owned the music studio).
Files the RIAA has actually downloaded, they can identify with absolute certainty, though I don't know if they actually do so.. file or folder name alone is shakey (as they found with Professor Usher), filename plus size is better, having a SHA1 hash identical to the hash of a known copy is pretty sure). And they can prove that those files were actually shared with at least one third party (themselves). If they could download ten randomly selected files, it's a pretty fair assumption that it would have been possible for them to download most or all of the rest. But there is no way (short of extensive ISP or user logs) to know with certainty if anyone else actually has ever downloaded them.
I think I'd want to know if there has ever been a false-positive identification of a file. (There was, with Usher. Also with the BSA and some Linux files that were apparently "identified" by matching a substring in their filename. But those particular cases were weeded out in the bright glare of publicity and public ridicule, they didn't make it to court. Are other instances of misidentification known?) If they have ever run tests to see if the file matching can be fooled into false-positive matches (especially if they have not actually listened to the downloaded files), and what the accuracy rate is.
Slashdot Mirror
The source is an article in news.com.au, home of Rupert Murdoch. The businessman who is preparing to turn the Wall Street Journal into a supermarket tabloid. He's in the business of selling papers, and has a history of doing whatever it takes to make them sell.
TFA shows it to be "in the works", and not, as the blurb says, passed into law. It may well end up being passed, but it doesn't look like it has been yet.
S.704
Title: A bill to amend the Communications Act of 1934 to prohibit manipulation of caller identification information.
Sponsor: Sen Nelson, Bill [FL] (introduced 2/28/2007) Cosponsors (4)
Latest Major Action: 6/27/2007 Senate committee/subcommittee actions. Status: Committee on Commerce, Science, and Transportation. Ordered to be reported with an amendment in the nature of a substitute favorably.ALL ACTIONS:
2/28/2007:
Sponsor introductory remarks on measure. (CR S2360-2361)
2/28/2007:
Read twice and referred to the Committee on Commerce, Science, and Transportation. (text of measure as introduced: CR S2361-2362)
6/21/2007:
Committee on Commerce, Science, and Transportation. Hearings held.
6/27/2007:
Committee on Commerce, Science, and Transportation. Ordered to be reported with an amendment in the nature of a substitute favorably.
Its companion bill did pass in the House:
H.R.251
Title: To amend the Communications Act of 1934 to prohibit manipulation of caller identification information, and for other purposes.
Sponsor: Rep Engel, Eliot L. [NY-17] (introduced 1/5/2007) Cosponsors (31)
Latest Major Action: 6/13/2007 Referred to Senate committee. Status: Received in the Senate and Read twice and referred to the Committee on Commerce, Science, and Transportation.
House Reports: 110-188MAJOR ACTIONS:
1/5/2007 Introduced in House
6/11/2007 Reported (Amended) by the Committee on Energy and Commerce. H. Rept. 110-188.
6/12/2007 Passed/agreed to in House: On motion to suspend the rules and pass the bill, as amended Agreed to by voice vote.
6/13/2007 Referred to Senate committee: Received in the Senate and Read twice and referred to the Committee on Commerce, Science, and Transportation.
How do you explain [Cuban] people risking their lives and the lives of their families to escape?
The same way you explain everybody else who risks their lives in order to sneak into the US? You know, maybe the ones that the big national debate on "amnesty" is about? Cubans get automatic "amnesty", they don't have to worry about being rounded up by the cops, like the rest of the "illegals".
If you are emailing about killing the president while a police officer is watching bits go by in the air (which is not anything like a wire tap), then that officer will rightly arrest you.
You seem to be narrowing the case from general email snooping, to snooping email by sniffing radio traffic.
I must disagree. Monitoring the bitstream is very much like tapping a party-line telephone (or listening to all the calls on your party line with your hand over the mouthpiece). I believe that US law supports this view. I don't see any difference between the cases where the bitstream is carried by radio, wire, or fiber, except that in the case of radio, you can do the tap without a physical connection.
In any case, snooping email is not normally done by monitoring the bitstream. It is done by examining stored copies of the email. And we seem to agree that a court order should be required to do that.
The police need the warrant to get into your filing cabinet, but if they see the postcard/email while its in the mail/flowing over a public line, then I can see that being reasonable.
How is that part different from tapping your telephone?
Of course encrypted email is more secure, but that's a second (different) issue. The same would be true for mail, if the letter inside the envelope is encrypted. Where the postcard analogy falls down is that with email, there is almost no legitimate way anyone else will accidently see it (except admins doing maintenance.. and statistically the odds of that happening for any given piece of mail are very very low).
An analogy that is even less innately private is radio. Plaintext radio can be overheard by anyone who happens to be listening. Everybody (except for cellphone users) knows that. Yet one of the very first things you learn when you prepare for an FCC license exam is that a 1936 law prohibits you from divulging any private message you hear to anyone but the intended recipient. 72 years ago, they understood that privacy could be expected even though it was technically easy to listen in.
A postcard, or a plaintext email, is like the front seat of your car: you have very low expectation of privacy because it's in plain public sight. A cop who pulls you over for a minor infraction will see your drugs sitting in the passenger seat and ask you about them.
So you're saying that if your ISP lets a cop root through all the user mail, maybe because he really needs to get that url so he can get some viagra, that if he accidently looks at your mail and sees something, he can take action. Somehow this seems like an implausible scenario. No, it's not "in plain public sight". The Electronic Communications Privacy Act makes that quite clear. I can't look over your way and just happen to see your email. Do ISPs let cops randomly paw through user mail in pursuit of "a minor infraction"? Well, aside from ATT, who apparently handed them the keys and said "take what you want".
However, we absolutely, positively refused to provide subscriber information without a court order of some kind, however. I would like to think that most ISPs operate to the same standards we did
I would like to think that no ISP would ever spy on me or keep records of my activities. I would like to think that no ISP would provide data without a court order. Unfortunately, what I would like to think bears little relation to what actually is. And my understanding is that the (US) government no longer requires a court order to demand such things.
there are Real world measurements at which BMWs are superior
Indeed, but remember, I excluded "testosterone". That pretty much covers the "looks" and "status" that "add value to my product" (by which I suppose you mean, me.. somehow, I think it's unlikely that any car is going to make me all that much more attractive).
I'm willing to bet that a new BMW breaks down a lot less often than a 12 year old Ford.
Could be, but I didn't specify "new". How's a 12 year old BMW going to compare? I expect the BMW is better built, but at that age it depends more on how the car has been driven and taken care of over the years. When it does break down, which is going to be easier to find parts and service for?
Comfort
Gotta concede that point to BMW. Bigger, better seats, certainly quieter. Might be a more important point if I spent my days driving, but who'd want to do that?
Safety
Another point for the BMW, if it's not a convertible. But a lot of that is due to the fact that it weighs more. If you wanted to be really safe, you'd drive a Kenworth, and you wouldn't even notice the bump when you squashed a BMW.
The only positive point for driving an old junker is cost.
Well, if we include environmental issues along with cost (I probably get better mileage than the BMW, and it consumed less energy to make my car). But few people are in a position to say, "cost is no object". I don't need the car as a crutch to attract [chicks | dudes | wealthy patrons], and not spending money on the car means I can spend it on other things. Or work a little less. Like I said, it gets me from Point A to Point B, it's not a surrogate sex organ.
Most people looking at computers are looking for the cheapest thing (I know from shopping with my relatives).
And, you know, most of the time* the cheapest thing will do the job just fine. I'm a tech worker, and a year ago I bought the cheapest Acer laptop they had for $400. What do I use it for? Ah.. the web, spreadsheets, a little word processing (nasty keyboard, but all laptops have nasty keyboards). I do understand the features of a top end machine, and I can appreciate them. But for most of what most people do, the cheapie is entirely adequate, they'll never see much for that extra thousand bucks.
Some of us just want to get from Point A to Point B. And yeah, I drive a 12 year old Ford Aspire (the car with the name that sounds like a pulmonary emergency). It gets me from Point A to Point B just fine. Sure, the BMW will go faster, but I don't need the speeding tickets. You want to compare total cost per mile with that BMW? I can't think of any objective real-world measure by which the BMW is superior, if we exclude those involving testosterone.
_______
*Most people don't spend a lot of time playing intense games. Really.
An Anonymous Coward said:
And to be clear, MS is not talking about low-level consumers (such as the individuals using Blackberries).
They are talking about big companies that have deployed F/OSS in their core business structure...
I think tactically they wouldn't go after individuals. Not enough payback and too much PR damage. But I am not aware that they have waived the right to do so. They could indeed choose to emulate the RIAA approach. I don't know what they will do. Do you?
Steve, is that you?
I found that Nina was his boyfriend for awhile, but that she broke off the relationship.
I'm glad we got that straightened out.
There is a lot of american cuisine. ...
...oh, never mind. I admit I'd never heard of garbage plate, but it appears to be limited to 0.001% of the country, so it makes more sense to call it a curiousity than cuisine.
Spinach Salad
Waldorf Salad
on and on and on...
Big Macs
White Castles
Pop Tarts
Pringles
Kool Aid
microwave popcorn
hominy grits
Diet Coca-Cola
Scrapple
Hostess Twinkies
Budweiser
1. It doesn't download the whole file from your system. Which means that they can't really show that you have the file
I haven't seen the OA, because part of it is slashdotted. But, presuming they have the SHA1 (and perhaps TTH) hashes from the victim, and a bit-identical sample (compared to the whole file they downloaded from somewhere else), that may be close enough. (I don't know if they restrict themselves to victims who have files with matching hashes, or even make any check for file bogosity, though. Given that they're on record as threatening to sue people who simply had an offending character string in the filename, they may not.)
2. It doesn't really prove it was you, it just logs it to an IP address
This would seem to be the weakest of their points.
3. It currently doesn't do bit torrent, just other P2P systems
Gnutella/G2 and eD2K specifically. Maybe. But what makes you think this is their only tool? We do know they've sued Kazaa and bit torrent users as well. And Shareaza (the OSS source their program is apparently based on) does do bit torrent, so it doesn't seem like a big step, except maybe for the fact that bit torrent doesn't provide an automatic search mechanism.
Their system is not airtight. But for a lawsuit they don't need to meet the standard of proof that a criminal trial needs.
Vacuum tubes ALWAYS emit light when working, because of they way they are built.
Only if they have glass envelopes. There are plenty of vacuum tubes that had metal envelopes (as mentioned in the very same reference you gave), and they emit nothing but heat. Metal tubes were often seen in '40s-'50s auto radios and in the cheap "All American 5" AC/DC sets, and are still common in high-power applications.
Certainly you have the domain "owner" that ought to have a legal address somewhere.
Yup.
>Registrant:
>Domains by Proxy, Inc.
>DomainsByProxy.com
>15111 N. Hayden Rd., Ste 160, PMB 353
>Scottsdale, Arizona 85260
>United States
So you need to deal with their lawyers first. That assumes that they know. The webmaster and the nameservers are in the Netherlands. But (if you do find him) I'm sure he'll be impressed by a subpoena from Utah.
I meant to say CustomizeGoogle Firefox plugin
That helps.
Of course, if you want to shorten log retention further than Google's "only 2 years!", you can go through a proxy like Anonymizer or Tor. If the fullbore proxies are too much of a hassle, there's always the search proxies like Scroogle Scraper (where the log retention is 48 hours).
Another approach is to poison the data mine with TrackMeNot by generating thousands of random searches in the background.
First use a OS that allows you to change your MAC address
For Win XP, you can use FOSS macshift to set either a specific or random MAC address.
The better that I was talking about is that when you brain fart and run out of gas
Nowdays most cars have gas gauges. I think VW was the last to get one, and that was in 1962. I think that in all the years since them, I've run out of gas once. Because I was a moron and pushed my luck. If I'd had to pay $100 for a service call, it would have served me right.
You really think we need to have our transport system designed so that people who are being idiots won't be put to any additional expense?
Are the "swarms" disjoint sets of nodes that are only sharing certain types of files?
The "swarms" are sets of nodes that are sharing (and downloading, usually) the same file.
Assumptions aren't proof.
Civil cases (i.e. suing you) don't require proof to win, at least in the USA. All they require is "better than 50:50".
Assumptions aren't even EVIDENCE
Having your IP number in a BitTorrent swarm is EVIDENCE. It may not be airtight, but see above.
If the period of notice is less than 3 months, the expiry of the period of 3 months commencing with the day on which the notice is given or on such earlier date as the Chief of Defence Force may [from time to time prescribe
Ah, but that's the army. We're talking about civilian jobs.
In the USA you're not allowed to quit your army job. They can throw you in prison or shoot you for that. We cut a little more slack for civilians, though.
However, he still posted in the wrong place. He should have filed a bug report through regular Apple Developer channels. Anyone can file a bug report, you just have to sign up for a free Apple Developer Connection account.
Wow. Is that what they mean when they say Apple is user-friendly?
Typing this on an Acer laptop.
Likewise. A $400 Aspire 3620 (hey, I'm cheap, I've got real computers too, why waste money on the laptop when even the best ones have crappy keyboards and are hard to fix when they get old and break). And it doesn't seem to have come with lunchapp.ocx, either.
How can they prove - beyond reasonable doubt or even more likely than not - that they actually downloaded the files from the suspect
In a civil case (lawsuit), "better than even odds" is the standard. I'd think that a sworn (notarized) statement from whoever did the download would probably suffice. Especially if other evidence suggests the defendant was probably sharing files. Though one might want to ask questions to see if the person making the statement actually did know what they were talking about (e.g. that the software did connect and download exclusively from a single IP number, that the date and time stamps are accurate, how it was determined that the file downloaded was in fact infringing).
Of course, determining with any certainty what computer was behind the router, and who was operating it, is more difficult. But it will probably be up to the defendant to show that there's serious question as to that.
How do you prove that the contents of the "shared" folder were actually shared with third parties?
Indeed. A friend has a computer that runs P2P file sharing. The P2P program displays the number of query hits and uploads (for session and lifetime) for each file that is shared. Some of the files have never been downloaded. Granted, those tend to be files with names that either are completely uncommunicative ("H325B", "AnalogWholev099022.exe"), music by extremely obscure artists, and/or files that have recently been added. The friend did once receive a DMCA takedown notice for a movie which he did not possess or share. The file described in the notice as that movie was actually an mp3 of a performance that may, or may not, have been used in the movie (the performer's record label was owned by the same conglomerate that owned the music studio).
Files the RIAA has actually downloaded, they can identify with absolute certainty, though I don't know if they actually do so.. file or folder name alone is shakey (as they found with Professor Usher), filename plus size is better, having a SHA1 hash identical to the hash of a known copy is pretty sure). And they can prove that those files were actually shared with at least one third party (themselves). If they could download ten randomly selected files, it's a pretty fair assumption that it would have been possible for them to download most or all of the rest. But there is no way (short of extensive ISP or user logs) to know with certainty if anyone else actually has ever downloaded them.
I think I'd want to know if there has ever been a false-positive identification of a file. (There was, with Usher. Also with the BSA and some Linux files that were apparently "identified" by matching a substring in their filename. But those particular cases were weeded out in the bright glare of publicity and public ridicule, they didn't make it to court. Are other instances of misidentification known?) If they have ever run tests to see if the file matching can be fooled into false-positive matches (especially if they have not actually listened to the downloaded files), and what the accuracy rate is.