Forgot your password?
typodupeerror
Security The Courts Networking Piracy Privacy The Internet Your Rights Online

NY Judge Rules IP Addresses Insufficient To Identify Pirates 268

Posted by timothy
from the that-pesky-proof-thing dept.
milbournosphere writes "New York Judge Gary Brown has found that IP addresses don't provide enough evidence to identify pirates, and wrote an extensive argument explaining his reasoning. A quote from the judge's order: 'While a decade ago, home wireless networks were nearly non-existent, 61% of U.S. homes now have wireless access. As a result, a single IP address usually supports multiple computer devices – which unlike traditional telephones can be operated simultaneously by different individuals. Different family members, or even visitors, could have performed the alleged downloads. Unless the wireless router has been appropriately secured (and in some cases, even if it has been secured), neighbors or passersby could access the Internet using the IP address assigned to a particular subscriber and download the plaintiff's film.' Perhaps this will help to stem the tide of frivolous mass lawsuits being brought by the RIAA and other rights-holders where IP addresses are the bulk of the 'evidence' suggested."
This discussion has been archived. No new comments can be posted.

NY Judge Rules IP Addresses Insufficient To Identify Pirates

Comments Filter:
  • by CriticalAnalysis (2631225) on Thursday May 03, 2012 @05:38PM (#39883295)
    Does this ruling apply if someone downloads child porn, makes bomb threats, discusses with terrorists or other larger crimes? Just saying it should be consistent if pirates get a pass.
    • by Anonymous Coward on Thursday May 03, 2012 @05:41PM (#39883343)

      This still means that an IP address is sufficient for them to seize and search your computer hard disks and such, so if you have corroborating evidence there you'd still be fucked. It's just not sufficient in the absence of anything else.

      • by nabsltd (1313397) on Thursday May 03, 2012 @07:27PM (#39884513)

        This still means that an IP address is sufficient for them to seize and search your computer hard disks and such, so if you have corroborating evidence there you'd still be fucked.

        For a criminal matter, an IP address might be enough by itself to issue a search warrant.

        Luckily, the copyright infringement that is being done in file sharing doesn't fall under the "criminal" section of copyright law.

    • by Githaron (2462596)
      I don't know if it does but one would think so.
    • by CanHasDIY (1672858) on Thursday May 03, 2012 @05:47PM (#39883443) Homepage Journal
      Those are criminal infractions; 'piracy' is technically a civil matter.
      • by Githaron (2462596)
        Wouldn't it be even more important in a criminal trial to not equate an IP address with an individual without additional evidence?
        • I think so, but then again I never said it wouldn't.

          Was merely pointing out that a precedent-setting decision in civil court doesn't apply to criminal matters, and vice versa.
      • by MoonBuggy (611105) on Thursday May 03, 2012 @05:54PM (#39883553) Journal

        Surely that reinforces the point, though? Criminal cases have higher standards of proof than civil ("beyond reasonable doubt" compared to "on the balance of probabilities"), so if it's not enough for a civil case it sure as hell isn't enough for a criminal one.

        • One would think that... then again, considering that a person can be arrested, prosecuted, and convicted of "resisting arrest" without any other charge, I have my doubts about these 'higher standards' of which you speak...
          • by icebike (68054) *

            One would think that... then again, considering that a person can be arrested, prosecuted, and convicted of "resisting arrest" without any other charge, I have my doubts about these 'higher standards' of which you speak...

            I've seen this raised several time over the past few days, (perhaps by you), and I fail to see the point of this argument.

            If the police or the prosecutor declined (for what ever reason) to press on with the original charges for which you were being arrested, I fail to see how you can expect to get away with resisting arrest, which is a separate offense.

            The original charge may not be provable in court, or perhaps they find out you really didn't do it. Doesn't matter.
            That you in fact resisted what was belie

            • by Archangel Michael (180766) on Thursday May 03, 2012 @06:46PM (#39884153) Journal

              Except that it is not. I was arrested for "resisting arrest", then added a charge of being "drunk in public" to cover the act that I knew that they couldn't arrest me for resisting arrest alone. They then changed the charge to "Resisting arrest" and "Assault on a police officer" after I informed the police I was neither "drunk" nor in "public" (being sober INSIDE a private residence).

              The prosecutor continued prosecution through the trial and I was acquitted in less than 1 hour. Juries take a very dim view of police trying to cover their asses. It also helps that could recall with exact detail (even to this day) the entire conversation the police officers had trying to cover the fact that they were arresting an asshole (me) who was smarter than they were.

              My suggestion is, don't resist, but don't help them. They often claim the latter is the former, it is not.

      • by brit74 (831798)
        Okay, but wouldn't "can't identify a person" still apply in both cases? Afterall, if you're going to go to jail for making a bomb threat (or child porn, etc), then it's even more important to disregard IP-address based evidence in criminal cases.
    • by gnasher719 (869701) on Thursday May 03, 2012 @05:47PM (#39883445)

      Does this ruling apply if someone downloads child porn, makes bomb threats, discusses with terrorists or other larger crimes? Just saying it should be consistent if pirates get a pass.

      In the context of this ruling, an IP address is not enough evidence to justify giving your name and address to someone who claims that his copyright is infringed, but isn't really interested in sorting out the copyright infringement but only to blackmail you into a settlement. Especially if someone tries to get the names of dozens of people while paying only one court fee.

      On the other hand, it is surely enough evidence to get the police started investigating serious crimes.

      • by EdIII (1114411)

        On the other hand, it is surely enough evidence to get the police started investigating crimes they are interested in because the DA thinks they can win it.

        FTFY.

        You can have a device broadcasting IP information all day long and a sworn statement that your property has been stolen, and it is at that location, and the police will act like the laziest most disinterested bastards on the fucking planet.

    • by pavon (30274) on Thursday May 03, 2012 @05:47PM (#39883451)

      Well, the ruling doesn't really set any legal precedent since it is just a district judge, and it is about a civil case not a criminal one. But it is consistent with how most judges have ruled across the country. The consensus is that it is more than sufficient evidence to get a warrant, is not even close to enough to secure a conviction by itself, but when combined with other evidence may do the job. Just follows common sense really.

    • by Bengie (1121981)
      Copy-infringement is a civil issue. I'm sure they could get a warrant for your computer equipment if bomb-threats/child-porn/etc happened from your IP as those are Federal crimes.
    • by dbet (1607261) on Thursday May 03, 2012 @05:52PM (#39883511)
      I think if someone made bomb threats from an IP address, the FBI would FULLY investigate, because jailing the wrong person means the bomb still goes off, where the RIAA doesn't care if they sue the wrong person.
      • I think if someone made bomb threats from an IP address, the FBI would FULLY investigate, because jailing the wrong person means the bomb still goes off,

        Judging by how the FBI handled the Pittsburgh bomb threats, I do not give much credit to their ability to "fully" investigate anything online. The FBI's approach to computers is to lobby for backdoors, then point to examples where a lack of a backdoor impeded their investigation when they do not get their way.

    • by Moses48 (1849872)

      Here's my take on the matter:

      If someone dies because a TV is thrown out of a window, you shouldn't just arrest the person with the open window. Maybe that's sufficient evidence to go search the room for a missing TV, but maybe it was the neighbor. In that scenario they would look at who might have sent the TV flying, not just the weak evidence that it was someone from within my apartment.

      Same with bomb threats. If bomb threats are originating from my IP address, I would imagine society (ie: throough the

      • by pipatron (966506)

        If bomb threats are originating from my IP address, I would imagine society (ie: throough the police authority) would like to see my computer and know more about me. They shouldn't send a class action lawsuit against me, and/or bully me just because a hacker has hijacked my computer.

        The problem with this is that "see my computer" must mean "take everything in my house that can store digital information and keep it at the station until the computer forensic guys have time to look at it, likely within the next 6 months."

        In this day and age, it's pretty much like taking everything you own...

    • The FBI does their homework. They don't try to take someone to court based on an IP address. They get more evidence, a whole lot more, because they have a higher standard to meet than civil court (beyond a reasonable doubt instead of preponderance of the evidence).

      I haven't read the ruling but I very much doubt the judge said an IP address couldn't be used AT ALL, just that it alone is not grounds for "identification" and as such filing a lawsuit against a person. They'd need to do more work.

    • by Sir_Sri (199544)

      It does sort of create this odd incentive to run an unsecured WAP to dodge the potential liability for what you're going to use it for. Which is just bad security practice in general, and can tend to risk problems with everything you mentioned, because people who want to engage in things which are definitely illegal, and should be illegal don't usually want to get caught doing it.

      In the case of a household of multiple people, sure, they can't specify which of the 4 members of the household are responsible

    • by sjames (1099)

      It should be consistent, but let's be clear: This isn't pirates getting a pass, this is prosecution/plaintiff being held to appropriate Constitutional standards.

  • Judges. (Score:5, Insightful)

    by AG the other (1169501) on Thursday May 03, 2012 @05:38PM (#39883301)

    Some of them are teachable.

  • that it will stem the tied of frivolus mass lawsuits. My guess is they will just pick a different tactic. I suspect that we will see some court decisions and or laws past that will make the person paying for the service assocated with the IP address responsible for all traffic that is sent or received.
    • by Githaron (2462596)
      By extension, that would make the ISP responsible for all the traffic that goes through their networks.
      • The law will just have the words "residential" or "consumer" in it, and thus only target the majority of Americans. Even if it did not specifically say that, the law would only be applied to individual people, and never to the wealthy.
  • Don't know why it wasn't in the writeup. This ruling was in the federal court for New York's East District [wikipedia.org], which I think (IANAL) means it is precedent there (but not necessarily elsewhere in the country)

    • by bhcompy (1877290)
      That would be more or less correct. Non-binding caselaw everywhere but there.
    • If a court actually rules on a case that they have jurisdiction over, then there is precedent. Doesn't mean other courts will always respect the precedent, but it is a precedent, it can be cited in cases throughout the country, and so on. It is case law.

      What is not precedent is when there is a settlement. If the court doesn't actually rule, no precedent is created.

  • If this ruling stands, I wonder if **AA will start pushing for IPv6. It'd be their best interest to eliminate NAT to protect their new revenue stream of suing their consumers. Years of technical arguments never got traction, but maybe a Judge just kicked us over the hump.

    Something or other about the ends not justifying the means.

  • No.
    They just choose a different venue with a more-compliant judge. Just as MPAA found a Congressman willing to be their new CEO.

  • by Galestar (1473827) on Thursday May 03, 2012 @05:46PM (#39883427)
    Thank you Judge Gary Brown
  • And on my block there are hundreds of unsecured wireless routers, cellphones acting as hotspots, and laptops and iPads.

    Even though I secure my wireless N router, anyone using Google warganging software from their streetview team could still slurp up all the IPs and then brute fake it on another device.

    The judge is right.

  • No shit, Sherlock.
  • ... like me, then another person could have surreptitiously broken into my house and just used the wired LAN. Farfetched? Sure, but I'm just putting it out there for any future defense that it *could* happen - damn "only want to steal my bandwidth" thieves.
  • Would this mean, then, that fines would be applied against the homeowner or internet-service owner? Afterall, when they catch you speeding with photo-radar, they don't apply traffic tickets against the driver (they don't know for sure who the driver might be), but you still have to pay a fine and it's sent to the owner of the vehicle - something you can't get out of by simply going "Gee, I don't know who that driver might be, I guess I don't need to pay the ticket!"
    • Not quite suitable for a car analogy. You're not required to register your wifi routers with the State, and you don't have to be licensed to operate wifi routers. So there's no reason for the legal consequences of ownership and usege to be similar.
    • by roothog (635998)

      Not true. Usually they need photographic evidence of both your car and your face.

    • - something you can't get out of by simply going "Gee, I don't know who that driver might be, I guess I don't need to pay the ticket!"

      Around me, that is how it is: tickets must be given by a police officer, who physically hands the ticket to the driver of a car. It is perfectly valid to say, "Yes that was my car, no it was not me driving it," and it is perfectly valid to say, "I do not know who was driving it." People lend their cars to others sometimes, and if they lend their car to a group of people, they really cannot know who in the group was driving.

  • by roothog (635998) on Thursday May 03, 2012 @06:10PM (#39883737)

    Hey, we can finally get IPv6 adopted everywhere now that the entertainment mafiaas will lobby for every system to have a unique address.

  • by ugen (93902) on Thursday May 03, 2012 @06:19PM (#39883831)

    This is a great argument. Unfortunately, once we are all moved to IPv6, and with help of IPv6 zealots who are against NAT privacy protection "on a principle" - each device behind home router will receive its very own unique IP (perhaps more than one, if temporary IPs are used, but certainly unique address). Once that is in place, the argument no longer holds and we are back to square one.

    I certainly hope that Linux network stack crowd (because they are the ones whose product will be used, as is customary, in large chunk of wifi routers and other home network devices) will get something done before copyright holders wisen up, and poke Comcast/Cox cable/Verizon to roll out IPv6 to end users.

    • Once that is in place, the argument no longer holds and we are back to square one.

      A single computer can be used by more than one person, wireless connections hijacked, etc. Not to mention viruses

    • From Wikipedia [wikipedia.org]:

      Privacy extensions for IPv6 have been defined to address these privacy concerns. When privacy extensions are enabled, the operating system generates ephemeral IP addresses by concatenating a randomly generated host identifier with the assigned network prefix. These ephemeral addresses, instead of trackable static IP addresses, are used to communicate with remote hosts. The use of ephemeral addresses makes it difficult to accurately track a user's Internet activity by scanning activity streams for a single IPv6 address.

      Privacy extensions are enabled by default in Windows, Mac OS X (since 10.7), and iOS since version 4.3. Some Linux distributions have enabled privacy extensions as well.

      People dislike NAT because it's a crappy idea whose best featured are better implemented in other ways. It's not because we're too dumb to understand the issues or too cavalier to care about them.

      I certainly hope that Linux network stack crowd (because they are the ones whose product will be used, as is customary, in large chunk of wifi routers and other home network devices) will get something done before copyright holders wisen up, and poke Comcast/Cox cable/Verizon to roll out IPv6 to end users.

      We did, about a decade ago.

    • by farble1670 (803356) on Thursday May 03, 2012 @08:34PM (#39885219)

      Once that is in place, the argument no longer holds and we are back to square one.

      if you are using the "wasn't me downloading that" defense as a loophole to allow you to get away with illegal activities, then sure, you are back to square one.

      on the other hand, if your goal is to ensure that people aren't incorrectly identified and persecuted for for crimes they did not commit, then it solves the problem perfectly.

  • "which unlike traditional telephones can be operated simultaneously by different individuals"

    Does anyone remember party lines. several houses with the same line, and you had to listen to a specific ring.

  • From TFA:

    the logic of “IP address = person” — which was once reasonably valid

    That logic was never vaguely reasonable if the equation is taken to be a reliable identification for any legal purpose.

    If someone comes into court with an IP number, one needs to know a whole lot about how that number was discovered in order to consider giving them any credibility in associating some misbehavior with a person who is supposedly associated with that number. Mere knowledge of my name, or my car's license plate number, or my US mail address, or even an envelope with my US mail address

  • Not far enough (Score:5, Insightful)

    by Charliemopps (1157495) on Thursday May 03, 2012 @08:47PM (#39885325)
    While agree with the Judge, it's not nearly going far enough. I used to work in a department that handled copyright infringement complaints for a large ISP. When the copyright owner makes a complaint, by law the ISP is required to take action. But there are multiple problems with the entire premise.

    1. The complaint comes in via an unverifiable email. The ISP has no idea who really sent it. As any ISP knows, spoofing an email is about the simplest thing for a teenage hacker to perform.
    2. Even if the ISP could verify the sender, they have no idea if the sender is really the content owner. In fact, the ISP has absolutely no way to find out who the content owner is. This is something, that by its very definition would need to be decided in a court of law.
    3. The ISP has no idea if the person sending the email is telling the truth in the least. Even if they are telling the truth they have no idea how competent their methods are. All they have is an email that says they "saw" the user download some content they own. They could have made it up, they could have terrible methods for detection. I believe there was one case where a university student managed to get DMCA notices sent to several campus printers IP addresses.
    4. And most importantly, the ISP KNOWS most of the complaints are total BS. I personally saw at least 25% of the complaints that came in were against IP addresses that didn't have customers on them... or belonged to network devices we owned.

    The entire premise that someone can connect to a torrent and then say that every IP address that their software tells them is connecting to that torrent is a pirate is asinine. There's a simple solution to your problem media industry... stop price gouging. Work WITH and not against netflix, pandora, and the like. Make it easier to pay you than it is to pirate... and the pirate community will die. Humans follow the path of least resistance. It's illegal to run red lights, but people still do it all the time, because it's easier than stopping. How do they really stop people from red lights? Take them out and put in a round-a-bout.

It is better to give than to lend, and it costs about the same.

Working...