WiFi Hotspots Elude RIAA Dragnet

mblase writes "A CNET News article discusses a problem the RIAA is having with its copyright enforcement strategy: public wireless hot spots. Normally, the RIAA notifies the ISP when a user is found to be violating their copyrights, but in this case, the ISP is powerless to do anything. Key quote: '...unless the administrator keeps detailed logs of everybody's account use - which is not required by law - she may well not know who was swapping files.' I wonder how long it will be before those detailed logs ARE required by law?"

What account?

[chill]

The free WiFi hotspots I've used don't require accounts at all. They just serve bandwidth and you connect thru DHCP.

Are they going to log MAC addresses? Good luck. I can use ifconfig on my Orinoco card and set the MAC. 00:00:00:00:00:00 and a prepaid debit card in a pseudonym works nicely on the AT&T Wireless hotspot in the Denver airport.

forced liability, coming soon to a lawyer near you

[MrLint]

' I wonder how long it will be before those detailed logs ARE required by law?"

I foresee something much worse, in fact I have been worrying about it for years. As it has been reported there are those ISPs that seem to want to have their nose up your butt and watch everything you do.

Well I foresee soon that *all* suspected criminal activity will have to be reported, oh and all those pesky logs you have around because you wanna be a hyper nosy jerk? Well you, my friend, have just just blown you plausible deniability plea. Because you are keeping all those logs, and you didn't notify the 'authorities' right away you have blown your safe harbor status cause the RIAA came to you. So guess what? You have just become an accessory after the fact. *oops*

When I tell people this they think im overly paranoid. well you decide.

Re:What account?

[JayPee]

Indeed. How about living in a suficiently urban environment with unsecured hotspots all around you? Grab a nice directional yagi antenna with sufficient gain and log in anonymously from miles away.

A free world through bad security.

[Bob The Lizard]

"I wonder how long it will be before those detailed logs ARE required by law?"

An interesting point occurs to me. One of the great things about the many 'anti-hacking' laws passed around the world is that most (if not all), have little (if any), requirement for systems operators to take reasonable steps to keep their systems secure.

So if I open up a Wi-Fi shop, and keep detailed logs, of all my paying users, but don't bother to secure the setup?????

'Yes officer, you can have the logs of my customers. Unfortunitly it dosen't cover the several thousand p2p users, who have creaked my system, and you want..... Yes thats correct, removing the howto from the MOTD would reduce this, but I'm under no requirement to do that.' :-)

Re:What account?

[Cipster]

My question is though why go through all that trouble for a few MP3's?
I think this is precisely what the RIAA is aming for: make it risky or inconvenient enough that people will stop using Kazaa etc...
Most people use those services because all you have to do is double-click on a few songs, go to bed with Kazaa on and the next day you have whatever music you wanted.
I doubt there will be a big group of people Wardriving for Tunes.

Re:Dynamic IP's Extra

[KrispyKringle]

I don't think so. The benefits of logging (detecting unauthorized or illegal use such as spam, computer vandalism, abuse, or trespass, and preventing other more heinous activity) far outweigh, for most ISPs, the minor inconvenience of dealing with a few occasional subpeonas, I would think. Hundreds or thousands of letters are sent, certainly, but not nearly as many cases of user information requests happen.

Granted that Verizon was willing to spend quite a lot in a protracted legal battle, but I think they'd be more willing to do that then stop logging. There really is a huge incentive for ISPs to log, even if they no longer charge by the hour.

Of Anonymity on the Internet and in the Real World

[GillBates0]

As much as I have come to hate the RIAA and it's dictatorial attitude off late, I really don't think online anonymity is the thing of the future. True, we would all like to be anonymous, and protect are so called privacy: online and elsewhere, but I just don't see it happening anytime soon, or maybe ever.

Consider anonymity in the real world. It's almost impossible to do anything really worthwhile completely anonymously. True, you may get along for a while, but sooner or later, you would need a job, a place to live, maybe a phone...the list goes on....and it's pretty much impossible to do any of these without proving your identity. You just cannot get along without remaining completely anonymous, in a fast developing world.

Maybe in lesser developed countries, you would not need an SSN or ID, but you would need alternate means of identification nevertheless, unless ofcourse you prefer to exist illegally under multiple identities.

With the Internet fast becoming part of our lives, and the ever broadening range of stuff that can be done online, it's but natural that some measures to establish identity come into force some time or the other.

People may argue that in the offline world, you are able to perform certain activities anonymously...say relax in a lounge chair in front of the fireplace...but BAM....as soon as you interact with society, anonymity is gone....Poof.

The problem with the Internet, is, that you are *always* interacting with some computer, somewhere, which does not belong to you. This is not true with the real world, if you're sitting lounging on a chair, you're interacting with the chair which belongs to you, thus ensuring anonymity. Anonymity on the Internet, on the other hand, is and will remain to be a very hard thing to achieve.

I guess that's a long enough rant for this time of the night.

EULA

[Omega's Wildfire]

This puts a whole new spin on the EULA. It kind of reminds me of some annoying pop up ads that claim I agreed for them to annoy the piss out of me.

More on topic, I believe these hot spots should provide the RIAA with one key thing... They have another way to annoy the public with stupid scare tactics. I think the RIAA has been watching too much of the SciFi network.

Re:It's quite simple...

[Anonymous Coward]

"If you think it's fair to copy someone else's material willy-nilly, then I'm willing to bet that you've never produced anything of any worth."

Most of us are in the same position as the musicians; everything of worth we have created is owned by a large corporation.

Won't last that long... now that its becomming big

[Marnhinn]

True a good portion of current WiFi hotspots don't require accounts - but also the amount of users swapping songs over WiFi is not that high yet.

Should the number increase the RIAA will simply sue them for aiding copyright infringment or whatnot and boom - suddenly logging systems will exist (they may not have them now - but somehow they will make them).

Privacy is good - when it is used correctly, but as soon as it becomes a cover for breaking the law, the courts will rule against it. Refusing to log on a WiFi, should the RIAA get a court order to do so (which is easy - simply show that someone is violating the law through such and such terminal), is like being an accessory to a crime. You cannot broadcast info from a police scanner over a ham radio network - you're allowing local people to get free info (more or less a ready to go crime set).

I dunno, but this won't last... systems that will are ones that have no centralized control. WiFi has admins (which some companies hold responsible) and therefore won't stand around to long. E5 / Freenet - those will be around, anonymous WiFi... I doubt it.

Who's gonna upload from a coffee shop?

[LostCluster]

This is just plain over before it started...

The RIAA dragnet is for uploaders because their theory is if they can scare people out of sharing, the non-sharing freeloaders will saturate the remaining uploaders so that the file-sharing network will cease to be useful.

But the coffee shop isn't the idea place to even set up a transient P2P sever. The P2P share would only exist when the laptop user is at the bookstore, which won't be that often to begin with. Any transfer in progress when the laptop user leaves the store will get aborted. Smart coffee shop owners have ADSL behind these shares, because they're expecting browsers not servers, so the upload speed won't be that pretty anyway.

This isn't a technology worth banning, it's not gonna be that useful to file-swappers in the first place!

Re:Of Anonymity on the Internet and in the Real Wo

[evilviper]

What you are missing is the level of anonymity.

On the internet, I have the equivalent of a Unique Identifier tatooed on my forehead.

In real life, if someone asks me my name, I can say "Hi, I'm Peter Smith", or perhaps say nothing at all. Online, it's incredibly easy (and regularly done) to automate the process of recording your IP address, and associating it with every action you take online... You can't refuse to give it, you can't shop somewhere else when they ask for it, you don't even get notification that they are doing it...

It's not to say you have true anonymity in public, unless you can change your physical appearance at a whim (to some extent that is possible), but the point is that you DO have some reasonable level of anonymity.

For instance, imagine that the FBI feels like fishing, and decides they want to know the identity of everyone who read about bombs, and politically dissenting material. For digital info, they simply have to ask for those records from each place, and correlate them. In the real world, they would need to track down everyone that was at each place, have them give a description, and then compare the descriptions. That doesn't make you anonymous, but it adds a large barrier to removing your anonymity, which, in reality, is all people really want.

Your rights to whine

[God! Awful 2]

Take this exact same story and substitute "file sharing" with "spamming". Would this story still be posted as a YRO?

(Actually, probably yes, except this time it would be about your right to sue the WiFi operator who allows untraceable spam.)

-a

Small constitutional issues . . .

[werdna]

The United States Constitution may have something to say about North Carolina's policy: the Supremacy Clause. Assuming, just for the sake of this argument, that the defendant's conduct was in fact copyright infringement, and there are no federal defenses, a State probably doesn't have the power to require, directly or indirectly, a compulsory license for which the Congress did not provide.

Re:Of Anonymity on the Internet and in the Real Wo

[adaknight]

In the spirit of poking holes in arguments for the sake of poking holes in arguments ... I don't have to show my driver's license in order to buy a compact disc (when using cash, anyway). The shopkeeper doesn't log the transaction along with my SSN. There are plenty of other ways that you remain anonymous in the offline world. Digital technology can be easily used to erode this anonymity at many levels, to the point where some machine or person somewhere becomes suspicious, determines that you are to be watched even more closely than you are already watched because of, say, your musical preferences.

As our offline world became more digitized, suspicious, and tracked, I for one loved the Internet as a medium where I had some measure of anonymity. I for one would like to keep things that way.

Logging in a peer to peer model

[oob]

As other posters have pointed out, legislating HotSpot operators to force the retention of access logs is a future possibility, with the result that organisations like the RIAA can treat HotSpot operators in the same manner that they currently treat ISPs.

A flaw in that plan however is peer to peer routing protocols, such as AODV. While still in development (ostensibly for use in wireless networks) AODV enabled devices are capable of routing to one another peer to peer, rather than the star topology currently used by most HotSpots (and wired networks.)

Good luck to the RIAA trying to detect two people wirelessly swapping files as they walk anonymously past one another in the street.

Re:It's quite simple...

[Alien Being]

I'm all for IP laws as long as they represent the interests of the people. A decade or two of exclusive trade rights ought to be plenty of time reap the harvest of nearly any creation, but 70+ years for a cartoon mouse is ludicrous. Let's just find the decendents of the guy who invented the wheel and award them ownership of GM.

Re:Who's gonna upload from a coffee shop?

[Anonymous Coward]

Think laterally. (That's what people did before they started thinking 'outside the box')

If you started a 'Music Appreciation Society' that met at your local Borders at say, 7pm every Monday, for coffee and discussion, things could get interesting. Since you'd actually be meeting people and making friends, that p2p would then be covered under fair use.

Sure, the choice might be more limited, but I bet the average quality would be better.

Now supposing the next town(s) over had their society(societies) meet on a different day(s). If just a few people mix it up the choice would increase substantially.

Plus, I'm in favor of anything that might help geeks meet more chicks.

RIAA is a real thread to freedom

[zenyu]

I run a public WiFi hot spot and had my internet access cut off for days. The ISP support people couldn't figure out what was wrong. Finally they discovered someone had removed my business network from their routing tables because of a DMCA threat from EMI.

I explained the WiFi hot spot and they put me back online. Then I was forced to put up sophisticated filters to prevent suspect outgoing connections while allowing most good connections through. I then set up a freenet node. I don't offer a lot of bandwidth to anonymous users, so I think someone that walked by just happened to have some p2p application running on their laptop. But a large part of the reason I offer this service is because I believe in anonymous communication especially for whistle-blowers and for people with unpopular ideas. I know someone that got physical threats and had a friend of his killed for expressing his political opinions. The FBI was absolutely no help, their tech person even threatened him when he didn't want them to take his computer to their lab as evidence after it was hacked by one of the wackos. (The FBI would do more to harm his political speech 'helping' him if they took away his computer, since much of it is via the web. He had also been told by another agent they could just image the hard drive so he didn't really trust this guy.)

If somebody creates a law requiring logging, I'll be lining up to practice my duty as a citizen, civil disobedience of immoral laws. I hope it's not just because someone bought some crap from an RIAA label and put it on their computer. I really have no respect for the people that keep those intellectual "property" leeches in business, but I'll do it for that 13 year old girl sharing the latest boy band tripe too.

Re:Dynamic IP's Extra

[drsmithy]

Don't think of ISPs protecting file-sharers, shift it to protecting distributers of child pornography.

Ah yes, the political equivalent of a ten year old bursting into tears. If all else fails, play the "but won't somebody think of the children" card.

In fact, I can imagine a strong legal case that providing untracable access to an IP network is an attractive nuisance that the ISP knew, or should have known, would be used in the commission of felonies. Big time liabilities lurking.

And should this same principle apply to anybody providing any form of anonymity to others ?

Re:HE, not SHE

[Dixie_Flatline]

Actually, 'they' is perfectly acceptable when referring to people of unknown gender in a sentence and doesn't carry the predisposition that the person being talked about is male.

Language is about thought. If you hear 'he', you're far more likely to think that the person being referred to is male, no matter what is technically grammatically correct.

This is the same deal as 'fireman' versus 'firefighter', 'mailman' versus 'mail carrier', etc.

I'm no fanatic about this sort of thing, but I don't object to removing the gender bias in the language where it's not ridiculous. I don't advocate changing 'manhole' to 'personhole', or making sure 'thrust fault' comes out of the language because it's somehow offensive to complete whackos (I bring that up because it's a direct example from a crazy female geologist that I heard in one of my geology courses that thinks that such a term is responsible for driving women away from the field; the truth is it takes special people to stay IN geology and study ROCKS for their whole lives).

In any case, I don't agree with using 'she', either. That's just as bad. The gender neutral terms 'one' and 'they' can always be used in place of 'he' and 'she'.

Re:Copying is not theft

[tinrobot]

But buying it is what entitles you to own a copy.

Let's see, right here is a digital copy of a song that costs, say, a dollar to legally download from Apple.

Over there is the same digital copy of the same song on Kazaa. Free for the taking.

Let's say I don't want to buy the one from Apple. Does the fact that "I would not have bought it" entitle me to the free one? Using your logic, wanting to buy it means I should pay for it, but NOT wanting it means I can still get it for free.

So, that means I should not express the desire to buy ANY music in any form whatsoever. That would give me the right to take all the music I want for free.

Thinking about it, I really don't want that new car I was looking at...

Re:Who's gonna upload from a coffee shop?

[pla]

The RIAA dragnet is for uploaders because their theory is if they can scare people out of sharing, the non-sharing freeloaders will saturate the remaining uploaders so that the file-sharing network will cease to be useful.

And before that, they only went after companies, on the theory that only companies had the deep pockets to produce the software that make file-sharing possible. If they could scare companies away from creating file-sharing apps, the problem would cease to exist

Unfortunately, like their first approach, their second one will fail as well. And the RIAA WILL start going after progressively smaller fish. I'd say within a year we'll hear about their first attack on a group of particuarly heavy downloaders.

And, in the long term, don't feel too surprised when "plausible deniability", at least in the online world, turns into "plausible guilt". Run something like Freenet, where they can't tell exactly who requested a particular file, and everyone along the chain of the request bears equal "guilt" for the download.

So rare

[mr100percent]

Is this a real problem? I mean, most of the people they catch are those running sharing services for a relatively long time, like the people who leave the PC on 24/7. The people who connect to a WiFi for 10 minutes to grab some email aren't the ones risking getting caught. So how many people would the RIAA be really after? Extremely few that their p2p scanners would catch.

So is this a more of a "what if" scenario?

Re:Dynamic IP's Extra

[Ryan Stortz]

Beautifull. If the RIAA doesn't agree to the EULA, then they can't prosecute. Then they'd most likely go to court over it, if they lose all ISPs can do this. If they win, EULAs are invalid.

Re:I always wondered about this...

[femto]

The *real* anonymity will come when freenet [sourceforge.net] is implemented as a network layer over WiFi equipment, displacing the IP protocol. It might even be possible to also replace the datalink layer, eliminating ethernet addresses as well.

It will be impossible to gather IP addresses, as there will *be* no IP address. The only way of identifying a user will be to identify the chain of nodes though which the request passed. This will require extracting data from every user in the chain. A difficult task with no user keeping logs.

Re:What account?

[sleeper0]

i am sure it is a waste of time now, but it would be pretty cool if there was a simple way that people published media on wifi networks. Fast forward to the very near future and listen to songs on your wifi iPod that are being streamed by that other guy with the wifi iPod on the bus, or in the car next to you in a traffic jam, or your neighbor or that guy that works two floors above you that has the amazing collection of jimi hendrix bootlegs. The only thing really standing in the way of that would be wifi being a power hog and having a standard to do it with.

Re:Dynamic IP's Extra

[King_TJ]

No, ISP's don't *have* to log all of this information "for the sake of liability". They do so because they cave in to the government's scare tactics.

I can understand keeping track of the time users connect to the service. Like you said, that's a necessary function of billing. Tracking details such as which newsgroups a user accessed (and moreover, keeping that information for long periods of time on tape backups) is above and beyond what I'd consider "necessary".

To make an analogy, that's like your local phone company tracking not only the numbers you dialed and when, but also recording your conversations on audio tape and archiving them for at least 1 year.

If the FBI shows up and demands information on one of your users, fine - give them his name, billing/mailing address, and last known good phone number. That's not enough to help them out? Well, fine - give them info on how many hours the user was connected and what time they connected. Still not enough?? Tell them to go do a little *investigation* and quit making you do their job for them!

Re:Dynamic IP's Extra

[cpt kangarooski]

The issue here is that copyrights can only be granted for creative work.

Facts -- such as a phone number, or that Canada is the capital of Russia* are clearly not creative.

However, creativity can be present in a particular selection and arrangement of facts. But not always. The phone book listings -- name, address, town, phone number -- are not creative. Anyone making a phone book would do that.

With a map, the actual artwork may be creative in its own right, and the selection of facts MAY be creative as well, but it depends on what facts were selected.

Whether the information is public or not is irrelevant. My favorite color is a secret for purposes of this post, but it still isn't creative. It's just a fact, even if you don't know it.**

*Why yes, I am an American. How did you guess?
**My favorite color is infrared.

The seminal case on this is "Feist Publications" and a google should reveal it immediately. It's worth reading.

Richard Stallman's take on it

[MichaelCrawford]

While he wasn't talking about music, in discussing the need for free documentation, RMS makes a distinction between software and prose writing by supporting the idea that one ought to be able to forbid expressions of opinion from being altered. From Free Software and Free Manuals: [gnu.org]

As a general rule, I don't believe that it is essential for people to have permission to modify all sorts of articles and books. The issues for writings are not necessarily the same as those for software. For example, I don't think you or I are obliged to give permission to modify articles like this one, which describe our actions and our views.

Thus you commonly see opinion pieces written by RMS posted on the net, in which he gives permission to make only verbatim copies of what he wrote. I do the same in Is This the America I Love? [goingware.com].

However, this has caused friction with the Debian community, because they feel that the fact that the GNU Free Documentation License provides for Invariant Sections and mandatory Cover Texts makes it non-free. They're working on a policy statement to this effect, and getting ready to move all the GFDL'ed documentation from main to non-free. You can find out more about that in Why You Shouldn't Use the GNU FDL [rr.com].

I observed some of the debate between the Debian developers and RMS on the debian-legal list, and while there are other significant issues, the main sticking point seemed to come down to whether or not political activism had any place in technical documentation. You can imagine Stallman's position on that. I come from way before "Open Source" was ever heard of, so I personally share Stallman's position.

It's an issue for me because I have some articles [sunsite.dk] which use the GFDL, so I discussed the issue at some length in Which License for Free Documentation? [advogato.org] The followup discussion has been very helpful.

Now why is this relevant to music?

The issue of whether it is moral (from Stallman's perspective) to forbid alteration of a work I believe comes down to whether the work is primarily functional in nature, or expressive of a personal opinion. The obvious utility of software, and the ability to combine code from different packages into new programs tips the balance heavily towards the side that says one must allow software to be altered. But that's not so clear with writing, which may be either unexpressive technical documentation, or impassioned political expression.

Music is much more like writing than software. Someone who is not a musician might not see it this way, but I feel that my music is an expression of my opinion. I can well see that there is other music that could not possibly be considered that way, and so I would support Stallman's position that not only copying but modification of such music must be permitted.

However, I don't think Stallman has completely thought this through when considering music explicitly. Have a look at his piece Regarding Gnutella [gnu.org].

Re:Dynamic IP's Extra

[spectecjr]

My logs are copyrighted, and if the RIAA wants to see them, they have to agree to an EULA stating that they won't sue me or anyone named in the logs, and on top of that they must also pay $25 for a copy of the log on CD, which they are not allowed to copy, distribute, or share.

Or, alternatively, they just subpoena the information, and when you try that line on them, you end up in contempt of court, and spend a couple of days in the klink to cool off.

Re:Well if everyone would quit breaking the law

[I(rispee_I(reme]

That does not change the fact that anyone who seeks power is unfit to wield it.

Re:Copying is not theft

[Fallen_Knight]

actauly its not the same. If you could do that then many people who would have paid to see the movie wouldn't and would just wait to get the empty seats. ALSO more poeple = less enjoyment for the poeple who paid. So the manager has reasons not to let you in for free aside from the fact its for free. Now if you were friends/enployee/realative chances are he'd be like "yea sure, go right on in!".

Downlaoding a song that you were never going to buy doesn't do either. It only effects you in that now you get some music to enjoy, thou in a manner that artist doesn't want. And i can in the end have a positive effect.

And when our not someone who wasn't ever going to buy a CD, you were someone who always buys CDs and you were sampleing to see if you liked it (its the only way except for the top 40 they play on the radio over and over), Or someone who sometimes buys CDs and were seeing if it was worthwhile CD to buy. I never, and i mean NEVER baught CDs r even listen to non classical music untill p2p (i had tapes!), now i own quite a few CDs, but once RIAA starting being ignorent fucks i stopped buying them (well except for 1 that was on sale for 5$ cnd), maybe if they stop being such fools i'll start buying CDs again.

Nice try with the theater one thou, its one of the best i've heard yet. The only thing you can do in real life that can comepare to p2p is recording something off the radio or a concert and passing the tapes around. That didn't hurt the RIAA one bit so i don't think P2P is going to in any way. They are like petty children that are mad about the fasct they no longer have complete and total control.

Re:It's quite simple...

[antiMStroll]

They didn't care about it before now, because it's only with the rise of fast connections to the Internet that people have had enough bandwidth to make it a real problem. The losses were a blip on the radar.

So, so wrong. The industry fought VCRs, they fought cassettes, they fought radio. Going further back they fought sheet music. Had people taken your recommendation a hundred years ago none would exisit today and the music industry would be much worse off.