Judge Orders Piracy Trial To Test IP Address Evidence 321
another random user sends word of a case in Pennsylvania District Court in which Judge Michael Baylson has ordered a trial to resolve the issue of whether an IP address can identify a particular person. The plaintiff, Malibu Media, has filed 349 lawsuits against groups of alleged infringers, arguing that getting subscriber information from an ISP based on an IP address that participated in file-sharing was suitable for identification purposes. A motion filed by the defendants in this case explains "how computer-based technology would allow non-subscribers to access a particular IP address," leading Judge Baylson to rule that a trial is "necessary to find the truth."
"The Bellwether trial will be the first time that actual evidence against alleged BitTorrent infringers is tested in court. This is relevant because the main piece of evidence the copyright holders have is an IP-address, which by itself doesn't identify a person but merely a connection. ... Considering what's at stake, it would be no surprise if parties such as the Electronic Frontier Foundation (EFF) are willing to join in. They are known to get involved in crucial copyright troll cases, siding with the defendants. We asked the group for a comment, but have yet to receive a response. On the other side, Malibu Media may get help from other copyright holders who are engaged in mass-BitTorrent lawsuits. A ruling against the copyright holder may severely obstruct the thus far lucrative settlement business model, meaning that millions of dollars are at stake for these companies. Without a doubt, the trial is expected to set an important precedent for the future of mass-BitTorrent lawsuits in the U.S. One to watch for sure."
Re:Responsibility? (Score:4, Interesting)
Sure. The ISP is responsible for that IP address, and has bigger pockets than some individual subscriber - so why not go there? ISPs have fought long and hard to not be considered "common carriers," so that would be just desserts.
get away car (Score:4, Interesting)
It's a bit like finding the get away car for the bank job in your house and all the neighbors agree you use it to drive to work.
Big problem? No. (Score:5, Interesting)
This isn't the smoking gun you might be thinking it is. Until now, most piracy claims have been prosecuted under the idea that infringement must be willful. In other words, the prosecution has to prove intent. If you accidentally download, or stumble home late one night and while fumbling for the lights, happen to push the "download 300 gigabytes of copyrighted porn" button, intent is not satisfied. Of course, it's pretty hard to prove intent looking at network traffic -- how can you tell the difference between an action initiated by a human, and an action initiated by a computer program? Even if you can prove it's a human, can you prove which one? Digital forensics is still in its infancy, and it has clear and compelling limitations.
That's why, (drum roll please), we have crimes of strict liability. For example, possession of stolen property. Doesn't matter if you knew it was stolen. Doesn't matter if you checked all the registries for stolen products, the serial numbers -- there is simply no defense in cases of strict liability. It was found on your person or on your property and ta-da, guilty. I'll let someone with a more legal background get into why this is bad if they want in a reply, but short answer: Yes, it's abused. No, it won't stop anytime soon. This is what file sharing is moving towards -- you no longer have to prove intent, the act itself is now grounds to throw you in prison or fine you more than acts of major depravity, terrorism, murder, etc., would net you. Again, not how strict liability was sold when it came out, but that's how the way the doughnut's rolling these days.
What I'm getting at is that IP addresses might legally become evidence that the account holder did it... or it may not. But either way, it's still probable cause to search your computer, person, property, etc., and if they find ye ole pirate treasure, you're going to be just as screwed. And as a bonus, if you encrypt it or otherwise protect it from being searched, odds are good they'll tack on additional criminal charges as well, or simply hold you in contempt of court, which means indefinite jail time without appeal, trial, etc., for failing to surrender the encryption keys... even if you can prove a sudden case of total amnesia and are now a glorified vegetable who's main mode of communication is drool, you might still be rotting in jail the rest of your life.
God bless America.
Re:IPs parallel the discoverable world (Score:5, Interesting)
The MAC address is only available on the home router. Home routers tend not to log this kind of information, because it would involve infrequent writes of small amounts of data to flash storage, which is a really great way to make it fail quickly. So in pretty much any case where the network wouldn't be secure, there would be no record of the MAC address.
Also, it's trivial to spoof a MAC address. E.g., just run bittorrent in a vmware virtual machine, and then blow it away when you're done—evidence gone, and the log will show that you are innocent.
The bottom line is that trusting IP addresses as personal identifiers is a really bad idea, which causes a great deal of social harm for a very small social benefit.
Re:Big problem? No. (Score:2, Interesting)
Must be one of those angry overweight ugly lesbian cunts the FBI uses to infiltrate other groups of ugly overweight ugly lesbian cunts.
I know I'm breaking rule #1 of Slashdot: Don't feed the trolls. Buuut... it's late, I'm bored, somewhat drunk, and still fabulous. First, not overweight or ugly. Second, I'm bi, but my last two relationships have been lesbian. Third, I prefer the term bitch, not cunt. I reserve that word for people who have done worse to me than making an internet post on some website only known to a fraction of the population. As far as being used by the FBI, nope -- that's what PETA is for. Didn't you get the memo? Us cunt lesbians hang out at PETA meetings, not replying to comments by the marginally literate.
Go ahead, mod me down now guys... but be honest: Every now and then, beating an anonymous coward to a pulp is carthetic.
Re:IPs parallel the discoverable world (Score:5, Interesting)
Not only that, but the current testing methodology is questionable. Instead of matching the whole DNA sequence, they use a series of markers that a private company decided uniquely identifies a person. There is no evidence to support this. The statistical probabilities given that someone has the same DNA are based on the completely unsupported assertion that there is no genetic relation between these markers.
Not too many people have katana's, not too many people keep chopsticks in their silverware drawer. So you could argue that someone having both these things makes it highly unlikely the suspect is the killer. In reality, I'd venture most everyone with a katana also has chopsticks. Having both is slightly more statistically unique than having one but it is nowhere near as distinct as the individual probabilities of having these items would suggest. The same may well be true of these markers or of certain value combinations of them.
I wouldn't buy something based on a companies claim of statistical success because it is too easy to use selective information and to spin results. Why are we using this same kind of data to send people to prison.
Re:IPs parallel the discoverable world (Score:5, Interesting)
The problem is NAT and DHCP, for which there are no parallels for with DNA.
NAT means that multiple individuals can share a single public IP, and short of the home router having logs, there is no way to differentiate between the computers behind the router based on their public IP.
DHCP means that not only might someone else have had your IP yesterday, but you might not even have your IP tomorrow, and the private IPs behind the NAT will likely shift as well.
Combined, the two of them MIGHT make an IP address sufficient for probable cause, but definitely not as a unique identifier.
Re:IPs parallel the discoverable world (Score:4, Interesting)
People can share IP addresses, but only twins share DNA?
http://en.wikipedia.org/wiki/Chimera_(genetics)#Human_chimeras [wikipedia.org]
Re:IPs parallel the discoverable world (Score:2, Interesting)
But at least DNA doesnt change every 2 weeks.
Logs will show who had which IP at which time. This is a non-issue.
I want to believe the court will rule that IP addresses don't prove which person used the equipment which held the address. It is consistent with how we treat cars, license plates, and drivers. Your plate is not enough for say a traffic offence, because you may not have been driving.
But I just can't justify faith in the system anymore. Honestly if I was going to bet a large percentage of my money on this, I would bet on the most authoritarian or fascist outcome possible. I would bet that the copyright cartels will get their way, even if the judge is fully aware this will result in innocent people being blamed for infringement they didn't actually do. Sadly I would probably win that bet. The courts have long ago decided that elaborate legal theories are more important than preserving and defending liberty.
I guess judges assume they are in the ruling/political class so the fascist laws they keep validating will never be used against them personally? That makes it okay, right? Somehow, in their minds? Just like so many politicians assume the massive debt won't be a real problem until long after they're out of power, so that makes it okay to them. The lowest worm or maggot is better than these people because it can't help being what it is. These people choose to be what they are.
Re:IPs parallel the discoverable world (Score:3, Interesting)
Instead of matching the whole DNA sequence, they use a series of markers that a private company decided uniquely identifies a person. There is no evidence to support this.
What private company? And nobody has asserted that it matches a unique person, but that it's a 99.something% match. Run that through a database containing everyone on the planet, and you get a few million positive hits, all but one an error. But that's great reliability. If you run it against the top 10 suspects, then you have better than a 99% chance it's the one that you got the match on. That's enough for a conviction, in most cases.
Re:IPs parallel the discoverable world (Score:3, Interesting)
My old wardriving rig had a new MAC address from a randomly selected vendor every time it booted up. Hell, the only consistent thing about it would've been the fact that it intentionally excluded two of the medium-common vendors -- one being its own, the other being an extra exclusion to not be blatantly obvious if it was ever tracked.
It's a basic command that can be ran on nearly any decent linux system that doesn't have a completely crap card.
MAC filtering is about as valuable as locks on car doors -- except at least if someone smashes your car, there's blatant evidence afterwards. With MAC cloning, the only evidence you might have is an interruption of service if you happened to be on at the same time. And that's only if your attacker was naive, or the network was configured better than most ones are in reality. Thank you arpping.
Yes, you should use MAC filtering, for the same reason you should lock the front door to your house. But you shouldn't count on it to protect you from anyone but utter incompetents.