Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
The Courts Government Security News IT

RIAA Security Expert's Quest For Reliability 170

Posted by Zonk
from the is-he-who-he-says-he-is dept.
NewYorkCountryLawyer writes "In the ongoing case of UMG v. Lindor, Ms. Lindor has now moved to exclude the trial testimony of the RIAA's 'expert' witness, Dr. Doug Jacobson. Jacobson is the CTO and co-founder of Palisade Systems, Inc, and a teacher of internet security at Iowa State, but in his February 23rd deposition testimony she argues he failed to meet the reliability standards prescribed by Daubert v. Merrell Dow Pharmaceuticals, Inc. and Federal Rule of Evidence 702. The Groklaw and Slashdot communities participated in both the preparation of the deposition questions, and the vetting of the witness's responses."
This discussion has been archived. No new comments can be posted.

RIAA Security Expert's Quest For Reliability

Comments Filter:
  • by Mateo_LeFou (859634) on Saturday April 28, 2007 @06:04PM (#18914441) Homepage
    Could T real FA please stand up?
  • Ask me! (Score:4, Funny)

    by alienmole (15522) on Saturday April 28, 2007 @06:05PM (#18914449)
    I know how the RIAA can achieve reliability - it's easy, really. All they need to do is...

    Wait, what am I doing? On second thought, they can kiss my skinny pasty-white nerd ass.
  • Moderately Amused (Score:3, Insightful)

    by Mateo_LeFou (859634) on Saturday April 28, 2007 @06:09PM (#18914457) Homepage
    That it required two very large combined communities to refute this sham expert. Still, that makes me hopefuly that mechanisms like this might rescue part of our judicial system from the money game.
  • Awesome. (Score:3, Insightful)

    by EaglemanBSA (950534) on Saturday April 28, 2007 @06:27PM (#18914551)
    I think it's good to see not only someone continuing to fight back, but that we can make a difference as a technical community (hopefully).

    2cents I also think that the RIAA and everyone from them can fornicate themselves with an iron stick. /2cents

    I can see the troll/flamebait mods coming already.
    • Yes, because making a difference in the community and hating the RIAA are two sure-fire ways to earn yourself a punch in the face on slashdot.
    • by Alsee (515537)
      I also think that the RIAA and everyone from them can fornicate themselves with an iron stick.

      Dear RIAA,

      Results 1 - 20 of about 2,780 for "iron dildo". (0.46 seconds)
      Sincerely yours, The Internet

      -
  • Am I the only one (Score:5, Interesting)

    by Workaphobia (931620) on Saturday April 28, 2007 @06:52PM (#18914707) Journal
    Am I the only one who does NOT despise Jacobson? I thought he held up fairly well in that deposition under the pressure of some of Mr. Beckerman's more irrelevant questions - for example, the ones targetting his vocabulary, or the ones about why he didn't produce imaginary documentation detailing an absense of evidence.

    There are plenty of weak points in the RIAA's case as a whole. One could attack the chain of identity leading to the defendent - is the infringing activity traced to the correct IP, and is the IP at that time actually the one that belonged to Ms. Lindor, and can we be reasonably sure the activity took place on her computer, and we don't even know that she was the one at the computer so would she even be liable... The chain of identity is probably the best weak point in their case, but you could also argue that the damages are negligable and fight the absurd statutory fee, or that perhaps no uploading took place and the torrent was all seeded one way.

    There are a number of legitimate arguments to be made, but the point I'm getting at is I don't see how the deposition of Jacobson attacked any of them sufficiently to prove or disprove his competence as an expert witness. Slashdot was quick to point out the minor screw-ups in his testimony, but many of those statements were perfectly fine in the context of explaining the technology to a layperson. Some of the "holes" in his argument were so unlikely that I would not even consider them reasonable doubt in a criminal case. Do you really think someone actually decided to frame the woman by filesharing wirelessly and changing her MAC address and internal NAT mappings to mask the presence of a wireless router? I don't.
    • Re: (Score:3, Insightful)

      by Dachannien (617929)
      imaginary documentation detailing an absense of evidence

      When there is a search space of a size small enough that the entirety of it can be searched, one can produce evidence documenting that something is not present within that space.

      • by The Rizz (1319)
        He is the prosecutions witness, so his job was to find evidence against the defendant, not to get their evidence for them. As long as he doesn't fabricate evidence or hide evidence he has done his job. If the defense wants that lack of evidence documented they can get their own expert witness; the data (or lack thereof) was not destroyed. If there is a question about it, it can be re-examined.

        Regardless, he states that no such evidence exists, and that he will swear to the absence of it. Since he is the exp
        • He is the prosecutions witness

          And in civil trials, it's referred to as the plaintiff. And, actually, in criminal court (where 'prosecution' is the appropriate word) the government is required to share any evidence it collects with the defendant, even if it doesn't plan to use that evidence itself.

          But this is all irrelevant, and kind of pedantic of me. What is important here is that Dr. Jacobson, through his own admissions, can't be used as an expert witness. The RIAA should have known this, and found

      • But it seemed like Mr. Beckerman was specifically grilling Jacobson for not enumerating the vast number of things he did not find in his search.

        Instead of saying "I found no evidence of animals", he was expected to record "I found no monkeys. I found no elephants. I found no really really big elephants. I found no zebras..." The information is simply redundant given that it can be summarized to a very simple line, but I suppose it's just good lawyering that one would draw out the point for as long as possi
        • Wrong - the "expert" was expected to indicate that he did/did not find evidence of file sharing/distribution - and I would expect the methodology or proof of either to be documented if I were that "expert" - who in their right mind on the other side of the court from the RIAA wouldnt ask "And you came to that conclusion how? Prove it. You just made a statement, so prove it." I know I would. Jacobson's answer of "gee I didnt think to document it", "gee I dont understand", etc to me did/would look ridiculous.

    • Re:Am I the only one (Score:5, Informative)

      by Anonymous Coward on Saturday April 28, 2007 @07:11PM (#18914823)
      RTFA and follow the links.

      The main argument is that all of his testimony is based on assuming the ISP and MediaSentry provided accurate information. MediaSentry and the ISP are not going to testify. In his deposition, the RIAA "expoert" stated he has no idea how MediaSentry or the ISP came to their conclusions. The cases sited require that the expert testimony start with verifiable facts, not with unverifiable information provided by third parties that will not even be in court.

      Furthermore, the sited case law requires that the expert use peer reviewable methods. The RIAA's "expert" made up his own methods that have never been published or reviewed. So he can't be considered an expert by the court.

      I kind of hope the judge refuses this motion. The RIAA's "expert" made enough errors in his deposition that he will be made a laughing stock on the stand.
      • by zappepcs (820751)
        No, you are not the only one. He pretty much declares himself incapable of being an 'expert witness' as the court defines it. Then goes on to validate arguments that show it is not possible to know beyond reasonable doubt that the defendant is guilty.

        From what I read, it didn't sound like they explored the whole mac address / ip address relationships and spoofing enough. Anyone that could present her mac address to the network DHCP server would likely get the same IP that her computer last acquired. If she
        • by ray-auch (454705)
          it is not possible to know beyond reasonable doubt that the defendant is guilty.


          Irrelevant - this is not a criminal case. They only need to show balance of probability (or whatever the similar phrase is in that jurisdiction).
          • by zappepcs (820751)
            So what you are saying indirectly is that what is really needed is someone to expose how hackers can and do steal identities for the purposes of downloading files illegally, or sharing them out to 3.5 million of their best friends using someone else's identity?

      • Re: (Score:2, Informative)

        by GregAllen (178208)
        You keep using that word. I do not think it means what you think it means.

        From WordNet (r) 2.0 [wn]:
        site
              v : assign a location to; "The company located some of their agents in Los Angeles" [syn: {locate}, {place}]
        cite
              v 1: make reference to; "His name was mentioned in connection with the invention" [syn: {mention}, {advert}, {bring up}, {name}, {refer}]
    • Re: (Score:3, Funny)

      by vivaoporto (1064484)

      Am I the only one who does NOT despise Jacobson?
      Yes. You must be new here, welcome to slashdot.
    • Re: (Score:2, Interesting)

      by Anonymous Coward
      Do you really think someone actually decided to frame the woman by filesharing wirelessly and changing her MAC address and internal NAT mappings to mask the presence of a wireless router? I don't.

      I think another explanation would not be that someone was framing the woman, but was using her computer to serve files (through a security exploit) so that they may escape detection. In fact, with the rise of large "botnets" I bet that this is probably commonplace. I have witnessed this firsthand on my family membe
      • Yes, that is another more plausible scenario, but people didn't settle for the plausible ones, they explored the more exotic and unrealistic explanations in an attempt to discredit Jacobson's generalizations. He was stating the rule, and his enemies were stating the exception.

        This touches on a fundamental conflict in technology and computer science: That there is a difference between what is practical and real, and what is mathematically possible. One can prove that it's possible that a number of factors ca
    • by Anonymous Coward
      I don't doubt that Dr. Jacobson knows what he is talking about. However, he doesn't come anywhere close to meeting the requirements for testifying in court. Check out the second link [blogspot.com] which ultimately goes to the motion to exclude [ilrweb.com] his testimony. The court needs to look at four criteria to determine if the expert's testimony is allowable as evidence:
      1. whether the expert's conclusions have been tested or are testable
      2. whether the expert's conclusions have been published and subjected to peer review
      3. the pote
    • I only made it halfway through the transcript, but he was just plain wrong about two things. Firstly, he states that a computer (rather than a network card) is what the IP address is assigned to, when in fact it is the reverse that is true.

      Secondly, he states that because the IP Kazaa reports in the IP payload matches the IP header, the computer wasn't NATed. I don't know the Kazaa protocol well enough to say for sure, but I would guess that it would be smart enough to not advertise a private address and d
      • > "Firstly, he states that a computer (rather than a network card) is what the IP address is assigned to, when in fact it is the reverse that is true."

        I don't remember him specifically saying that a network card does not have an IP address, but I think I do remember him attributing IPs to computers. I do not consider this to be a mistake because there's no reason why we can't consider a single NIC to be part of a personal computer. Really, why make a distinction between the two unless there's more than o
        • Re:Am I the only one (Score:4, Informative)

          by 87C751 (205250) <sdot@rant-cent r a l.com> on Sunday April 29, 2007 @08:36AM (#18918249) Homepage

          I don't remember him specifically saying that a network card does not have an IP address, but I think I do remember him attributing IPs to computers. I do not consider this to be a mistake because there's no reason why we can't consider a single NIC to be part of a personal computer. Really, why make a distinction between the two unless there's more than one NIC on a single host? It does not affect the equation as far as NAT and other relevant aspects.
          (note: I read the whole transcript)

          You missed the part(s) where he continued to state that the public IP address identifies one, and only one, computer. Even after admitting the existence of NAT, he kept returning to this assumption.

    • Your comment is a textbook exercise in fallacious reasoning and is off-topic. You go on and on about things that are never mentioned in the motion . The post is about the motion . And the motion is not about Dr. Jacobson's personality or mine, it's not about my questioning him on the hard drive inspection or about my questioning about his refusal to admit he knows the words 'inculpate' and 'exculpate'. It is not about the statutory damages unconstitutionality defense, or any of the other red herrings you
      • Correct. My post was not in direct response to anything in this article and was not supposed to address his eligibility as an expert witness based on the legal criteria. I am indeed off-topic. What I was addressing was how easily people seem to dismiss him as an expert (in the informal sense) based on his answers in the deposition. I am limiting my discussion of him to that deposition because I know nothing of the man or his status in this case besides what I read in it.
    • some of Mr. Beckerman's more irrelevant questions - for example, the ones targetting his vocabulary

      Are you aware that some of the words Mr. Beckerman ask him about are in the Code of Ethics of the organization he claims certification membership in?

      I thought not.

    • IANAL, but have been following this, and here is my interpretation. Mr. Beckerman can feel free to correct me if I am wrong and/or expound on this if there are points I have missed.

      Because Mr. Beckerman and Co have done far more through their actions than what you suggest. While your suggestion may get Ms Lindor off, their method has set precedants and/or invalidated numerous of the methods and sources of information that the RIAA heavily rely upon to make their cases. Thus, in effect, the RIAA must work

  • I don't see what the problem with his testimony is. He stated exactly what he was looking for, and exactly what he found within those parameters. Frankly, the defense attorney grilling him was being a complete dick for the most part by repeatedly asking him to verify something out of his area that he was never supposed to investigate. He freely admitted that any identification of who that IP address belonged to was not done by him, and he had no way to verify it; his testimony was about what IP was being us
    • You do not understand the law, or what the case was about, or what the deposition was about, or what the motion is about. The deposition was about what his methods were, and whether they were sufficiently "reliable" under the Daubert line of cases. His deposition testimony negated any possibility of his testimony being admissible at trial because he flunked all of the "reliability" standards.

      Your comment makes no sense. He was not "supposed to investigate" anything; he was "supposed to" testify about the investigation that was done three (3) years earlier.

      As to whether he was "out of his area", he probably was... but that's not my fault, that's his, for pretending to be something he's not, and it's the RIAA's, for inducing the man to pretend to be something he's not. While I may have been asking him things he couldn't answer, they were not irrelevant to his report and his proffered testimony; they were directly relevant to what he falsely claimed.

      I'm sorry to have to tell you that your knowledge of law is quite limited. There is no "prosecution"; this is a civil case. There is no concept of "reasonable doubt" in a civil case.

      Yes his testimony is helpful to defendant. But this is not a game; this is a federal trial where one side is suing someone for tens of thousands of dollars. Under clear standards of law his testimony is inadmissible and must be excluded. I would be a pretty dumb lawyer if I allowed the RIAA to bring this guy anywhere near a courtroom.

      • by The Rizz (1319)
        Your comment makes no sense. He was not "supposed to investigate" anything; he was "supposed to" testify about the investigation that was done three (3) years earlier.
        You're arguing phrasing here; when I said he was supposed to investigate something, I obviously meant that the investigation was for later testimony given the context.

        As to whether he was "out of his area", he probably was... but that's not my fault, that's his, for pretending to be something he's not, and it's the RIAA's, for inducing the man
        • This is what you said about me for doing my job:

          the defense attorney grilling him was being a complete dick

          Then when I correct your misuse of legal terms, you say

          You could've been nice and simply corrected me, but instead you attack my position based on nitpicking terminology.

          Sorry I'm not as

          nice
          as you are.
          • Which is better? a) let the expert witness testify because you know he's no expert and will only make the side he's trying to help look stupid, or b) show beforehand that he's not competent, and on that basis don't let him testify. Oh, and use this in court to demonstrate that the RIAA doesn't vet their "experts". The grandparent is thinking a) is maybe the better course of action. I'd definitely go with b). Why wait to demonstrate their stupidity? So you can make them look even dumberer? When you've

            • Ah, that was a fun part of the deposition. Yes, Mr. Beckerman was right to call him out on that and ask him repeatedly for an answer. The downside was that he did the same thing at other times when Jacobson was actually answering a malformed technical question as best as he could, and it didn't produce the result Beckerman was looking for.
      • by Gorshkov (932507)

        I would be a pretty dumb lawyer if I allowed the RIAA to bring this guy anywhere near a courtroom.

        Personally, I don't think that letting him near a courtroom would make you a dumb lawyer - I think it would make you dumb, PERIOD.

        Even without any technical knowledge - just analyzing his statements using logic - there are so many inconsistencies in what he says that it is impossible to conclude that he has any "expert" knowledge even within the field he's claiming to be an expert in .... his confusion rega

        • His testimony is inadmissible because it totally fails the "reliability" tests established by Daubert and Fed. R. Evid. 702. I have never heard of an expert failing so miserably.
          • by 51mon (566265)
            How much of this is down to the industry practice?

            They ask if he is in a professional body, but all he has is a doctorate in computing, and training in forensics, which puts him head and shoulders above others in the field in terms of qualifications.

            He's an engineer, he did what they ask of him.

            I'm surprised there wasn't a more structured procedure for the examination of the disk, I know if I was billing the RIAA for my time I'd be sure to send them long documented lists of things checked for, even if the c
            • I'm surprised there wasn't a more structured procedure for the examination of the disk, I know if I was billing the RIAA for my time I'd be sure to send them long documented lists of things checked for, even if the check turned out negative, and bill them for each printout of relevant settings.

              The problem was not so much as his testemony about the HD & his findings, as he was also supposed to testify about the process of identifying the IP address & ownership of the account using the IP address. Be

    • You say:

      He freely admitted that any identification of who that IP address belonged to was not done by him, and he had no way to verify it; his testimony was about what IP was being used for filesharing, not who that IP belonged to.
      ...
      The only problems I've seen anyone have with his testimony are that he's relying on the data he's given to be accurate (HTF else is he supposed to operate?), that he made a few minor errors in his testimony - i.e. mixing up some terms (this happens to people, and unlike a w

      • > "He can't do that. It's impossible. there is no way he can use those materials to prove that a computer owned by the defendant was used."

        By that I think he meant that he could demonstrate that she did not have a wireless router, and therefore that the computer belonged to her. Yes, a friend could have come by and plugged in, but ruling out wireless squatters as a scapegoat is a significant achievement for the plaintiff.

        > "His report has this error shortly after his credentials: [...] He doesn't ment
        • At least someone else got what I was trying to say.
        • by jgoemat (565882)

          By that I think he meant that he could demonstrate that she did not have a wireless router, and therefore that the computer belonged to her. Yes, a friend could have come by and plugged in, but ruling out wireless squatters as a scapegoat is a significant achievement for the plaintiff.

          Ruling out a wireless router would be beneficial to the plaintiff, but I don't think he did. He specifically noted that her computer was setup for DHCP. My wireless router can be setup for DHCP also. It seemed from his d

          • > "Ruling out a wireless router would be beneficial to the plaintiff, but I don't think he did. He specifically noted that her computer was setup for DHCP. My wireless router can be setup for DHCP also."

            He ruled out NAT by showing that a kazaa packet from her external IP address contained an internal IP address (in the data payload of the packet) that matched. If NAT had been present, it would have been translating her public IP address to a private one in the range of 192.168.1.x (for instance) and the
      • Thanks jgoemat. Good analysis of some of the fallacies in this guy's underlying reports.
      • His report states the following:

        15) I will testify to the procedures and results obtained by MediaSentry coupled with the information complied by defendant's ISP to demonstrate the defendant's internet account and computer were used to download and upload copyrighted music from the internet using the KaZaA peer-to-peer network.

        Actually, I hadn't read his original report, and did not know he was making this claim (I don't recall this being in the deposition either, but I could have just missed it - it was a

    • The questions about areas he hasn't personally analysed aim to show that he hasn't been diligent enough to produce 'expert testimony'. Specifically, according to Federal Rule of Evidence 702, expert evidence is admissible only if

      (1) the testimony is based upon sufficient facts or data, (2) the testimony is the product of reliable principles and methods

      In this instance, the facts upon which he is basing his testimony amount to an assumption that the ISP and MediaSentry information is perfectly accurate, and his results are the product of a proprietary, non-peer-reviewed procedure, using proprietary software and with no known erro

      • Exactly, Kijori.

        There are a few commenters who are missing the point of the motion, which is what the article is about.

        Thanks for reminding them.

        • by Kijori (897770)

          There are a few commenters who are missing the point of the motion, which is what the article is about.

          This is Slashdot. Of course there are! And most of the rest didn't even read the summary, let alone TFA. :D
  • MediaSentry is the software that detected the sharing of files and provided the initial IP address that was used to subpoena the account information. It's list of files available and the IP address of the computer that was sharing them is central to the case. In Florida [lockergnome.com], drunken driving cases have been thrown out because the manufacturer of the breathalyser wouldn't disclose the source code or internal workings. I think the defendant should have a right to inspect the MediaSentry source code. Otherwise

  • UMG (http://new.umusic.com/flash.aspx) is the primary group suing this person. Some of their artists include

    Beautiful South
    Cardigans
    Def Leppard
    Texas
    Peter Gabriel
    Razorlight
    Sheryl Crow

    By buying CDs or digital tracks by these artists, you are helping to fund this lawsuit. Please stop!

    UMG's artist lists can be found at:
    http://new.umusic.com/Artists.aspx?Index=0 [umusic.com]
    http://new.umusic.com/Artists.aspx?Index=1 [umusic.com]
    http://new.umusic.com/Artists.aspx?Index=2 [umusic.com]
    http://new.umusic.com/Artists.aspx?Index=3 [umusic.com]
    http://new.umusic.com/Artis [umusic.com]

"Buy land. They've stopped making it." -- Mark Twain

Working...