Forgot your password?
typodupeerror
Piracy The Courts United States Your Rights Online

Judge Orders Piracy Trial To Test IP Address Evidence 321

Posted by Soulskill
from the your-computer-is-broadcasting-an-ip-address dept.
another random user sends word of a case in Pennsylvania District Court in which Judge Michael Baylson has ordered a trial to resolve the issue of whether an IP address can identify a particular person. The plaintiff, Malibu Media, has filed 349 lawsuits against groups of alleged infringers, arguing that getting subscriber information from an ISP based on an IP address that participated in file-sharing was suitable for identification purposes. A motion filed by the defendants in this case explains "how computer-based technology would allow non-subscribers to access a particular IP address," leading Judge Baylson to rule that a trial is "necessary to find the truth." "The Bellwether trial will be the first time that actual evidence against alleged BitTorrent infringers is tested in court. This is relevant because the main piece of evidence the copyright holders have is an IP-address, which by itself doesn't identify a person but merely a connection. ... Considering what's at stake, it would be no surprise if parties such as the Electronic Frontier Foundation (EFF) are willing to join in. They are known to get involved in crucial copyright troll cases, siding with the defendants. We asked the group for a comment, but have yet to receive a response. On the other side, Malibu Media may get help from other copyright holders who are engaged in mass-BitTorrent lawsuits. A ruling against the copyright holder may severely obstruct the thus far lucrative settlement business model, meaning that millions of dollars are at stake for these companies. Without a doubt, the trial is expected to set an important precedent for the future of mass-BitTorrent lawsuits in the U.S. One to watch for sure."
This discussion has been archived. No new comments can be posted.

Judge Orders Piracy Trial To Test IP Address Evidence

Comments Filter:
  • They can defend against this and finally put an end to all the crazy lawsuits
  • Responsibility? (Score:5, Insightful)

    by i_ate_god (899684) on Tuesday October 09, 2012 @10:22PM (#41603555) Homepage

    An IP address will identify a connection, that someone is responsible for.

    There is plenty of cases of Person A committing a crime or getting into an accident, using something from Person B, and Person B getting into trouble as a result.

    • Re:Responsibility? (Score:4, Interesting)

      by msauve (701917) on Tuesday October 09, 2012 @10:30PM (#41603613)
      "An IP address will identify a connection, that someone is responsible for."

      Sure. The ISP is responsible for that IP address, and has bigger pockets than some individual subscriber - so why not go there? ISPs have fought long and hard to not be considered "common carriers," so that would be just desserts.
      • by firex726 (1188453)

        Which of course now they are actively trying to throttle and monitor traffic.

      • by i_ate_god (899684)

        for the same reason that a car company won't get blamed when someone drunk drives, but the establishment serving the drinks (or in some jurisdictions, the bar tender) will be.

        • Re:Responsibility? (Score:5, Insightful)

          by Riceballsan (816702) on Tuesday October 09, 2012 @11:16PM (#41603879)
          Really when it comes to cars, generally the way they cover themselves, is by knowing who is using their cars at all times. Lets say hypothetically a rental car was used in a crime, anything from a getaway car for a bank robbery, to running a red light with cameras. The police contact the rental car company and ask who was driving the car with the license plate at 7:30PM on monday. The rental car company shows their copy of the ID, the form of payment they took, etc... and the police move on to look for the actual crook. Forced entry into a car, the police will likely look at as a stolen car and whatever the crime is. A loaned car, they will probably ask you who you loaned it to and analyze it. Of course open wifi, is more akin to leaving the car on the street, door open keys in the ignition, that could be negligence. IMO it's a grey area depending on how the wifi was breached, but that's where it opens up the can of worms, wifi cracking usually leaves no trace. Distinguishing, open wifi, secured wifi used by authorized users, and broken secure wifi, is where the case lies, and IMO should be required to file the suit. IMO the RIAA should have to send a goon to the location, determine if there is wifi, if there is then determine if it is open. If the location has no or closed wifi, have to work with local police and have the police obtain a search warrent, and actually prove the files are on a machine in said house. The batch lawsuits of gathering 10,000+ IPs at a time and suing them all requiring the defendants to prove their innocence is an abomination to due process.

          Now whether the laws should even exist in the first place, is a whole other matter. IMO no, but that is off the subject, the discussion isn't on whether the law is right or not, but on whether just sniffing trackers for IP addresses, is enough to fairly judge someone guilty. My view on that is absofrickinlutely not.

          • by bonehead (6382)

            Forced entry into a car, the police will likely look at as a stolen car and whatever the crime is.

            And today's lesson, kids: Next time you rob a bank, throw a brick through your car window!

            Plausible deniability. Good enough for presidents, good enough for us.

            • it isn't uncommon of a tactic in crime from what I hear, people will intentionally report their car stolen, before loaning it to a friend to do something that they expect the car to be tracked to.
          • Of course open wifi, is more akin to leaving the car on the street, door open keys in the ignition, that could be negligence.

            How can open internet connections in any way be considered negligent? It's fundamental to the business plan of any internet cafe. Equally as important as selling coffee that cost 15 cents to brew for 5 dollars. And btw, my local library also offers it as a public service. For free

    • But this is a civil lawsuit, not a criminal investigation.

    • by gpmanrpi (548447)
      Person B, generally, has to have known or should have known that something Person A was going to do with Person B's things would be used for a crime or something bad. On another note, I think you are confusing negligent entrustment theory into a copyright case. Without having reviewed the relevant case law, I find that to be a bit far fetched. Having a duty to run a secured WiFi, is a big leap, since it is not a legal requirement. You don't have to lock your door, or your car. In many states "war driving" i
      • so that makes it unlikely that the person is going to be held liable for the criminal action of another as the basis.

        Why take a chance on that? Secure your network or else pay someone else to do it for you, preferably through a registered business, and save the receipt.

  • It can help. (Score:5, Insightful)

    by TheLink (130905) on Tuesday October 09, 2012 @10:33PM (#41603631) Journal
    An IP address can _help_ positively identify a person.
    It can definitely negatively identify a person - if the public IP is different it wasn't you doing it (assuming you weren't using that public IP :) ).

    If the download was made by the IP of your internet connection at that time, then it's evidence that something using your connection was doing the downloading. If they find other corroborating evidence that it's you - e.g. the downloaded file is on your computer, in your personal folders, shows up in your download history, the computer is not normally shared, there's no malware or remote control software, then it's likely to be downloaded by you.

    But an IP sure isn't sufficient alone in itself. The **AA probably want it to be like a car license plate in certain countries - where if a camera takes a picture of a car breaking a traffic speed limit, that has the same plate as your car, looks like your car, then they expect you to either pay the (usually smaller) fine or identify the person responsible so that they can do it. Or challenge it in court and pay the full fine.

    However in this case they want huge fines and the fines to go to them ;).
    • by SQLGuru (980662)

      So, what about this:

      I can change my IP address to anything I want. Sure, if it's in use, there will be collisions and what not, but if I get lucky, it's unused. But from the standpoint of the argument, which IP address does my ISP think I have? The one I got via DHCP from their servers? Or the one I manually set (assume it's still one of the ISPs pool of numbers and I got lucky with one that was currently free). Also assume my MAC address is spoofed to BEEFCAKE or what have you.

      • by Drishmung (458368)
        It depends on the ISP and how you connect, but in many cases the ISP will enable configuration so that if you try and use an IP address other than the one they gave you it will fail. This if for no other reason that a compromised or busted device sending promiscuous ARP with bogus addresses acts as a denial of service attack. See this cisco document [cisco.com] for how this works on some equipment.
      • by mark-t (151149)
        I'd place not insubstantial odds that your ISP isn't going to accept data from you at all if you change your IP address to one that doesn't actually belong to you.
    • by fnj (64210)

      It can definitely negatively identify a person - if the public IP is different it wasn't you doing it (assuming you weren't using that public IP :) ).

      So in other words, really it CAN'T negatively identify a person. There is nothing to say John didn't visit Harry and use Harry's router to download. It can't positively identify, and it can't negatively identify. It can't identify SHIT. Not by itself.

      Exactly like you said, it is merely a piece of evidence which MAY, combined with other evidence, combine to acc

  • Given the fact that wi-fi is so predominant these days and the fact that several access points are left unsecured as well as the fact that any particular access point routes to one of a number of IP addresses belonging to the same subscriber, an IP address is not a reliable way of determining who actually downloaded things illegally.
  • Big problem? No. (Score:5, Interesting)

    by girlintraining (1395911) on Tuesday October 09, 2012 @10:50PM (#41603729)

    This isn't the smoking gun you might be thinking it is. Until now, most piracy claims have been prosecuted under the idea that infringement must be willful. In other words, the prosecution has to prove intent. If you accidentally download, or stumble home late one night and while fumbling for the lights, happen to push the "download 300 gigabytes of copyrighted porn" button, intent is not satisfied. Of course, it's pretty hard to prove intent looking at network traffic -- how can you tell the difference between an action initiated by a human, and an action initiated by a computer program? Even if you can prove it's a human, can you prove which one? Digital forensics is still in its infancy, and it has clear and compelling limitations.

    That's why, (drum roll please), we have crimes of strict liability. For example, possession of stolen property. Doesn't matter if you knew it was stolen. Doesn't matter if you checked all the registries for stolen products, the serial numbers -- there is simply no defense in cases of strict liability. It was found on your person or on your property and ta-da, guilty. I'll let someone with a more legal background get into why this is bad if they want in a reply, but short answer: Yes, it's abused. No, it won't stop anytime soon. This is what file sharing is moving towards -- you no longer have to prove intent, the act itself is now grounds to throw you in prison or fine you more than acts of major depravity, terrorism, murder, etc., would net you. Again, not how strict liability was sold when it came out, but that's how the way the doughnut's rolling these days.

    What I'm getting at is that IP addresses might legally become evidence that the account holder did it... or it may not. But either way, it's still probable cause to search your computer, person, property, etc., and if they find ye ole pirate treasure, you're going to be just as screwed. And as a bonus, if you encrypt it or otherwise protect it from being searched, odds are good they'll tack on additional criminal charges as well, or simply hold you in contempt of court, which means indefinite jail time without appeal, trial, etc., for failing to surrender the encryption keys... even if you can prove a sudden case of total amnesia and are now a glorified vegetable who's main mode of communication is drool, you might still be rotting in jail the rest of your life.

    God bless America.

    • by TubeSteak (669689)

      That's why, (drum roll please), we have crimes of strict liability. For example, possession of stolen property. Doesn't matter if you knew it was stolen. Doesn't matter if you checked all the registries for stolen products, the serial numbers -- there is simply no defense in cases of strict liability. It was found on your person or on your property and ta-da, guilty.

      At the Federal level, knowledge is required for a guilty verdict.
      At the State level, your mileage may vary.

      You must live in one of those asshole States where proving knowledge is not required.

      FYI - Receiving is what happens when you get something you know is stolen.
      Possession is what happens if you find out, after the fact, that you got something stolen.
      Not all States make this legal distinction or they do, but it's covered under the same law.

      And, as with many things under the law, being really really drunk

  • by mark-t (151149) <markt@lynx . b c.ca> on Tuesday October 09, 2012 @11:19PM (#41603891) Journal

    It can't identify a specific person. At all. The pigeonhole principle proves it irrefutably, since there are 4 billion possible IP's, but roughly 7 billion people on the planet. It is therefore impossible for an IP to uniquely identify an individual.

    Although admittedly that particular argument isn't valid for IPv6... it's still true for a vast majority of IP addresses right now. Even under IPv6, however, it will probably still be the case unless (or until) we start directly associating unique IP's with particular people regardless of what kind of device they are utilizing, you still won't be able to associate an IP address with a particular person. At best, you can get only the subscriber who leased that IP. This may or may not be the individual, but an argument can be made (one that I don't fully agree with, but can see some valid reasoning behind) that a subscriber could be held accountable for activities on his or her subscription that they ought to have had the ability to supervise and approve of.

  • The IP is the car.. yes, someone owns the car or might be responsible for the car at a particular time, but they may or may not be driving it.
  • ISP have messed up ip tracking as well metering so what a ISP says may not hold up in court.

    There lot's of old cases of that hear on Slashdot.

  • by zotz (3951) on Wednesday October 10, 2012 @09:08AM (#41606429) Homepage Journal

    a trial is "necessary to find the truth." ???

    Wouldn't an experiment or a demonstration be more in order?

    Or is that what the trial is to consist of?

    all the best,

    drew

"Consistency requires you to be as ignorant today as you were a year ago." -- Bernard Berenson

Working...