Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Music Media Government Privacy The Courts Your Rights Online News

Innocent File-Sharers Could Appear Guilty? 380

daveo0331 writes " New Scientist has an article about what could be a promising defense strategy for people targeted by the RIAA. Basically, anyone on the Gnutella network can frame other users by making it look like someone is hosting RIAA music, even though they're not. Therefore, the RIAA's "evidence" against file sharers is theoretically unreliable and wouldn't stand as good a chance of holding up in court. No mention of whether this has anything to do with the RIAA's eagerness to settle the lawsuits out of court. The article is based on a research paper (PDF link, HTML version) posted anonymously to a web hosting service in Australia."
This discussion has been archived. No new comments can be posted.

Innocent File-Sharers Could Appear Guilty?

Comments Filter:
  • by SpanishInquisition ( 127269 ) on Thursday October 02, 2003 @12:32AM (#7110974) Homepage Journal
    can you say those 2 words in the same sentence?
    • by plenTpak ( 543323 ) on Thursday October 02, 2003 @01:00AM (#7111134) Homepage
      i currently share 976 free songs (~3.58 GB), legally. i got all these songs off of iRATE [sourceforge.net]. so i'd say you certainly can!

      i think irate is great by the way, although there's certainly room for improvement (p2p support, perhaps, as well as integration with an external media player). maybe when i have time i'll sit down and (attempt to) throw something together... (hopefully someone will have done it by then, and i can just download it. =P)
      • Are you allowed to share all those files though? I was under the impression that all those songs were free to download, but that doesn't mean you are allowed to distribute them.
    • Of course... (Score:3, Interesting)

      by Kjella ( 173770 )
      [RIAA] Those ugly criminal filesharing programs are stealing the earnings of our poor, innocent artists who are just trying to make a living. [/RIAA]

      If you want to try a mind twister, try realizing that RIAAs friends (their customers) are also their enemies (the pirates) and try to apply some "the enemy of my friend is also my enemy" logic.

      Kjella
  • by Anonymous Coward on Thursday October 02, 2003 @12:32AM (#7110975)
    How about an entire computer shared to the internet? [67.37.26.90], like this crazy guy did...
  • by l810c ( 551591 ) * on Thursday October 02, 2003 @12:32AM (#7110977)
    Read about this [usatoday.com] in USAToday Monday:

    A number of people say they were wrongly accused by the RIAA, or that their children swapped music without their knowledge. The RIAA dropped one suit, against retired Boston teacher Sarah Ward, 66, when it was discovered she couldn't be sharing songs on pirate service Kazaa because she uses an incompatible Apple computer.

  • html link (Score:4, Informative)

    by tedtimmons ( 97599 ) on Thursday October 02, 2003 @12:32AM (#7110979) Homepage
    Thanks to google, here's the HTML version of the PDF [216.239.37.104].

    Sure, karma whoring, but who wants to load a PDF? At least I didn't post a MS Word version of it!

    -ted
    • who wnats to load a PDF?
      Anyone who runs MacOS 10, seeing as how the PDF file format is as integrated into MacOS 10 as Internet Explorer is into Windows or Konqueror is into KDE.
  • Meh... (Score:2, Informative)

    by aksuur ( 628258 )
    I think most people will either be scared into settling, or not have enough money to pay for litigation and court costs. Although it's nice that there is a way around the RIAA's mass suing, how often will this technique really be used...
    • My solution is running like hell, and opening fire on officials when they arrive at my door. Nothing like some action to spice up the day.

      BURN RIAA... BUUuuuurn.

      "Are they saying Boo Smithers? -Err, no, they're saying BOOurns..."

      this unfunny stupid post brought to you by late night brain damage via sleep depravation. Good night.

  • The question is (Score:4, Interesting)

    by General Sherman ( 614373 ) on Thursday October 02, 2003 @12:37AM (#7111006) Journal
    Will this really stop them from doing anything? Like the poster said, they like to settle out of court, and they'll probably pull something like "Well, you should've been more protected against this kind of identity theft. Give us $10,000 in amnesty, and we'll go catch the _real_ theif."
  • Ummm, so what? (Score:5, Insightful)

    by Gogl ( 125883 ) on Thursday October 02, 2003 @12:39AM (#7111014) Journal
    How many of the people being sued by the RIAA actually use Gnutella? I would bet few to none. The vast majority are getting nabbed for Kazaa and other more popular, less geeky p2p clients.
    • You obviously haven't used Bearshare. it's very friendly, fast and effective. I found it eaiser to use than Kazza. It also has a wider (more eclectic) selection and most songs are quite available due to less congestion (ie freeloaders).
  • by Shawn Parr ( 712602 ) <<moc.rrapnwahs> <ta> <rrap>> on Thursday October 02, 2003 @12:40AM (#7111016) Homepage Journal
    When using a modem, or even Cable/DSL one is typically dynamically assigned an address. Many times these can change. It was stated in numerous articles that the RIAA found IP addresses for people, then subpoenaed ISPs for the users using those addresses.

    Either due to ISP incomprehension, or RIAA non-specific requests, they most likely received a lot of information based on who was using that address after subpoena, not during copyright infringement.
    • by Anonymous Coward on Thursday October 02, 2003 @12:44AM (#7111052)
      ISPs are required by law to maintain a USERNAME,IP,TIME_USED record for even dynamic IPs.

      So if RIAA gives them a IP,TIME_of_infringement, they will have no problem in retrieving a USERNAME and other resulting info to send to the RIAA
      • er which law?

        the law only requires them if they have such a record to produce it when issued with a court order

        ISP's generally have this information as they needed it for their own billing systems
      • On my cable internet I can
        • Take any free IP address just by guessing numbers
        • Send any random hostname to the DHCP server and still get an IP
        • Forge my MAC address to be any random number - which I have to when the DHCP server starts futzing and thinks I am already online

        But I really don't know how cable networks work. So my question is, Does my cable ISP know what my IP address is at any given time? This is a theoretical question - I know that they are to incompetent to keep track of that, but just preten

      • So everyone, that's why you should ALWAYS share your wi-fi connection with your neighbourhood! ;)
        • I recently set up a wireless network at home. I was shocked to discover that everything worked immediately - I just plugged stuff in, turned it on, and there I was, live on the net. 10 minutes later when I tried to SSH into the other computer, well, my router had no entry for it on the network. Many hours later (due to a web interface that wouldn't work, and only a windows install app alternative), I finally got my wireless bridge to talk to my router. Sure was tempting to quit Comcast then and there!
      • What about a cheap ISP that only has one IP address and proxies all connections through it? What about the firewalls/proxies at most corporate businesses that send hundreds of users through single IPs? Any federal regulations on those? I really don't think ISPs are required by law to keep any such records, honestly. Moreso, I think there is a lot of technological mumbo-jumbo waiting to complicate things for the RIAA. I'll give you a hint: "proxy" is on the list.
  • by Anonymous Coward
    Just leave America. I'm so lucky that I don't have to. The Recording Industry Association where I live doesn't scare me in the slightest!
  • Nice, but... (Score:4, Insightful)

    by TopShelf ( 92521 ) * on Thursday October 02, 2003 @12:43AM (#7111039) Homepage Journal
    Just because they've pointed out theoritical weaknesses in P2P apps doesn't necessarily raise a "reasonable doubt" about any defendant's activities. Is there any evidence that these vulnerabilities are actually being exploited out there? If not, I don't think this would hold much weight in court...

    Oh yeah, and IANAL.
    • Is there any evidence that these vulnerabilities are actually being exploited out there? If not, I don't think this would hold much weight in court...

      Yup. This is why introducing uncertainty in order to conceal what is being shared should be part of the basic protocol [stanford.edu].

    • Re:Nice, but... (Score:4, Informative)

      by kfg ( 145172 ) on Thursday October 02, 2003 @01:46AM (#7111320)
      In a criminal case, yes, it most certainly does raise reasonable doubt; and were the RIAA prosecuting criminally this would be suffcient cause for a finding of not guilty, or even dismisal.

      However, for now, the RIAA is not prosecuting criminally (although this threat is always in the background of any negotiations to settle). They are prosecuting civilly.

      In a civil case it is the preponderance of the evidence that is considered. In other words does the jury think it's more likely the defendant is "guilty" (liable actually) than not.

      This is a much looser standard just ask O.J. ( Or Chaplin, who was found liable for the support of a child he had proven wasn't his).

      KFG
        • In a civil case it is the preponderance of the evidence that is considered. In other words does the jury think it's more likely the defendant is "guilty" (liable actually) than not.

        In follow up, think of the "more probable than not" term on a percentage basis. In order to win, the RIIA need only prove that their assertion is more than 50% likely (defendant wins at the 50/50 point). So, 50.000...01% beats 49.999...99%

        In the infamous Boston Grandmother situation, the chances of a jury tipping that par

  • by laird ( 2705 ) <lairdp&gmail,com> on Thursday October 02, 2003 @12:44AM (#7111047) Journal
    While it's interesting that apparently Gnutella can in theory be spoofed, I can't believe that this could form much of a legal defense since the spoofs are specific to Gnutella, so this has nothing to do with the vast majority of p2p usage.
    • by anonymous cupboard ( 446159 ) on Thursday October 02, 2003 @02:04AM (#7111361)
      You don't get it.

      To publish something that relies on reverse engineering puts you open to charges under the DMCA. Reverse engineering PD software is easy (you have the source). Reverse engineering a closed source program isn't exactly impossible, look at Kazaa-lite, for example. However there are other PD clients to more popular networks such as eMule for ed2k (no disassembly required).

      So you can still say that the RIAA's IP address is sharing movies and the MPAA's IP address is sharing MP3s for other networks.

  • by tmark ( 230091 ) on Thursday October 02, 2003 @12:44AM (#7111049)
    This is no "strategy", it's a cop-out. If people are sharing files, and they *really* believe they should be allowed to do so, they should fight on the merits of their position, and live or die on said merits. To cook up a tenuous argument that someone might have framed you, is a tacit admission that the arguments people have mostly been using to justify file-sharing are worthless, and that file-sharing itself is indefensible. Show some backbone, people.
    • by darkov ( 261309 ) on Thursday October 02, 2003 @12:56AM (#7111112)
      This is a great argument utill some idiot teenager starts echoing your IP showing that you are sharing thousands of copyrighted files and you get a subpoena. If it's possible, someone will get around to eventually for a laugh. What do you do then? Plead your innocence siting your slashdot posting as proof? Well, you don't get a chance because you can't afford to fight the case because you haven't got a lazy 10-20K. So you pay up. And you're innocent, or so you say.

      Let's face, if it happened to you you'd bee bawling endlessly about the injustice instead of condeming possibly innocent people.
    • Haven't You Heard? (Score:5, Insightful)

      by thecampbeln ( 457432 ) on Thursday October 02, 2003 @01:57AM (#7111344) Homepage
      The "law" is no longer about the "truth", but who can spin the best "half-truths" (read: lies). And the best "lawyers" (read: lairs) cost $$$, so in short, he with the most money gets "justice" (read: their way). So anything the "little guy" (read: not much $$$) can win is to come up with a nice "open-source" "half-truth", of which this seems to be. That and all that framing stuff others mentioned ;)
      • That's because in civil trials, the standard of proof is on the balance of probabilities rather than the more well-known beyond reasonable doubt. (Which is why OJ was found not guilty, but liable for wrongful death, and more importantly why the RIAA, while using language from the domain of criminal law in the media, keeps these cases civil trials, though there's not much civil about it in any sense other than the legal.)

        Personally, I think the U.S. legal system needs to revisit their standards of compensa

    • Show some backbone, people.

      You've forgotten something: The "I didn't do it!" argument is a valid one. Or should be, anyway.

      My boss recently got "caught" by the MPAA for downloading and sharing movies. When he told me, I laughed out loud, the notion is so ludicrous. This is a guy who drops $15K on a family vacation every couple of years, flying his kids, their spouses and their children to the Caymans for a two-week stay in the beachfront duplex he owns on Cayman Brac. If he wants a movie, he buys

  • by Anonymous Coward
    Someone write a lightweight gnutella client that "frames" everyone within reach on the network. This way, the RIAA will have no clue....
  • by Anonymous Coward on Thursday October 02, 2003 @12:48AM (#7111076)
    Furthermore, a worm/trojan could be released that secretly installs a Gnutella client and ACTUALLY downloads some tunes. Would ignorance be an excuse, when suddenly every computer in the world is filesharing? Tell you what, if I did fileshare copyrighted material, I would put up a fight.
  • A Question (Score:5, Interesting)

    by bogie ( 31020 ) on Thursday October 02, 2003 @12:50AM (#7111086) Journal
    Someone already sort of asked this but they are modded at 0 and thus might not get heard that easily. I was wondering if anyone had a breakdown of just what P2P networking the RIAA is targetting. If you read the headlines all you would think is that this is between the RIAA and Kazaa. I remember when recently when we all joked about the actual kazaa names people were using and how many "kazaalite" users there would be.

    So what's the deal? Any WinMX, EDonkey, Bittorrent users being attacked in this recent spat of 700 cases by the RIAA. Or is it just those Kazaa users?

    • Re:A Question (Score:5, Informative)

      by Kilbasar ( 617992 ) * on Thursday October 02, 2003 @01:34AM (#7111271)
      I know for a fact that the MPAA monitors eDonkey. I was caught by them a few months ago, and they told my college to yell at me. Since the RIAA seems to put even more resources than the MPAA into tracking file sharing, I'm positive they're also watching eDonkey.
      • Re:A Question (Score:2, Insightful)

        by Armaphine ( 180636 )
        Well, the RIAA, in all honesty, has to sink a lot more investment into file-sharing than the MPAA does. After all, a person can download some 3 or 4 meg song over a 56K line without too much heartache. Try doing the same thing with a 700MB DVD rip, and it becomes a lesson in frustration.

        As far as monitoring the different networks, I'm sure that they do monitor them, but at this point, it's not worth them drawing more publicity to those networks, and therefore raising utilization of them. Stick with Kazaa,
      • by harmonica ( 29841 ) on Thursday October 02, 2003 @02:11AM (#7111378)
        About a year ago. There wasn't any punishment I'm aware of, but the network people didn't like the fact that they got quite a lot of those mails (big university, and obviously many people sharing).
      • Generally, eDonkey is for movies, KaZaA is for music. So it would make sense that MPAA would monitor ed2k network, but KaZaA probably doesn't need to.
  • Unlikely (Score:3, Insightful)

    by dtfinch ( 661405 ) * on Thursday October 02, 2003 @12:54AM (#7111108) Journal
    At least in the ways described in the document. They're describing potential attacks that just don't seem like they'd be worthwhile to pull off. A jury would be silly to use this as the reason to let file sharers off the hook, unless their only concern is getting the file sharers off the hook, regardless of whether they're guilty.
  • Annoying, it's it? (Score:4, Interesting)

    by RyanFenton ( 230700 ) on Thursday October 02, 2003 @12:57AM (#7111120)
    That's the thing about innocence until proof of guilt. One has to show evidence that the presumed innocent logically has to be guilty. Not that they COULD be guilty. Not that they might as well be guilty. Not if they have the tools that would allow them to be guilty. Not even if the prosecution can't find anyone else that they think might be guilty.

    It's things like these that can make harrassing people a real bummer for a litigious group in the long run. Still - fear and respectful loathing may still "work" in the short term. But again, that short-term respect and fear will die down if cases are ruled against them.

    Ryan Fenton
    • I posted this elsewhere in this article, but I think I'll post again here.

      In summary: I doubt this issue will be used to prove innocence, but rather to argue the subponea should not have been issued in the first place. In short, the plaintiff didn't have enough confidence in their assesment of infringement to legally merit the subponea.

      ---
      I'm lame and can't remember how to code a link, so I'll cut and paste instead...

      ---
      The issue is... what "evidence" is used to secure the subponea to get the case to cou
  • by MickLinux ( 579158 ) on Thursday October 02, 2003 @01:01AM (#7111139) Journal
    I am quite against intellectual property in general, because intellectual property is not truly property, and violates natural law.


    But I am also very much against anything that perverts justice, obfusciates the truth, and in general destroys respect for the law.


    This one is ridiculous, because 99% of the people who say "no, it wasn't me, someone set me up" based upon this will be perjuring themselves.


    Quite honestly, isn't that the claim that most criminals make?


    I, for one, if set up, would have a different answer: "I never installed Kazaa or other P2P software, nor did I pay the Kazaa fee." Come to think of it, that would be my defense if accused of stealing cable channels too: "I never bought one of those cable-selection-hiding filters; indeed, I never bought cable TV."


    Come off it, people. Stop trying to make a case for yourself why maybe it perhaps isn't so bad, and perverting your consciences.

  • RIAA (Score:3, Funny)

    by The Bringer ( 653232 ) on Thursday October 02, 2003 @01:11AM (#7111182)
    The RIAA has an amazing similarity to OJ Simpson. Still in search of 'The Real Filesharers'
  • Flaw (Score:2, Informative)

    by Anonymous Coward
    The article points out how p2p query and response packets can be forged, owing to the routing used by p2p systems. But when a download starts, it's between one peer and another (hence "P2P" or peer-to-peer). Downloads are invariably over tcp for reliability. So if the music industry downloads a song from you--well, you gave it to them over a specific IP that is not masked by the p2p query routing. One might object that the people being sued by the RIAA are not actually sharing files, and they there are s
  • Flaws in the paper (Score:5, Informative)

    by PureFiction ( 10256 ) on Thursday October 02, 2003 @01:36AM (#7111279)
    First, as some have mentioned previously, all of the RIAA legal actions required that the ISP's map date + IP correctly to the right user. This has shown to be problematic, as a number of Mac users have been caught up in the lawsuits.

    The RIAA cannot expect the ISP's to provide 100% infallable information. This alone is a bigger threat than the attacks mentioned.

    On to the paper. You can find it via google [google.com].

    For the duration of these items im going to assume that the networks in question are either FastTrack/KaZaa or Gnutella. These appear to be the networks currently targeted by the RIAA.

    Scenario 1: Modifying Search Requests and Search Results in Transit

    This is a non starter, as the RIAA have mentioned before regarding their tactics that they rely on MD5 check sums of files that are downloaded from the peer. Simply modifying search results or requests will not incriminate anyone given the method the RIAA is using.

    Scenario 2: Spoofing the Originator of Search Results and Search Requests

    This falls into the same problem as #1. This will not get someone targeted by the RIAA.

    Scenario 3: Renaming a Contraband File to Match Incoming Search Requests

    This is a bit more troubling, as the MD5 sums would match the contraband, however, the title may be something completely innocuous - "Slashot Comment Archive" for example.

    I find it unlikely that the RIAA would target someone based on MD5's alone. Their tactics appear to use a search to identify potential infringing uploaders, and then a download to confirm contraband via MD5 sum.

    If this is the case, then the search for contraband would likely miss this type of file, as it would be renamed to something else (also popular) but unrelated to contraband content.

    This does remain a viable risk and potentially exploitable entrapment attack

    Scenario 4: Impersonating Another GP2P User

    This is another non starter in the same lines as #1 and #2. The RIAA is not using randomly selected user GUID's to identify infringers.

    Scenario 5: Tricking an Innocent User Into Downloading Contraband from an Authority

    This is a very implausible attack. The RIAA is using custom software to track the network, and does not appear to be uploading the files they are downloading for evidence, as would normally be the case with a standard kazaa/morpheous client.

    The chances of downloading a contraband file from the RIAA crawlers seems nil, regardless of how spoofed search resulsts could direct them in this fashion.

    In short, there is a potential for abuse, but the methods used by the RIAA prevent a number of these from working effectively. They search keywords and titles, and then confirm contraband with MD5 checksums of the uploaded content.

    This is very hard to spoof without actually deploying the contraband on a peer with malicious intent. You are still liable if someone puts contraband on your client!

    The biggest danger is still the ISP's inability to properly account for times and dates for each user associated to each IP address. This will continue to target innocent individuals, although the RIAA does appear to drop cases that are blatantly without merit.
    • Scenario 1: Modifying Search Requests and Search Results in Transit

      This is a non starter, as the RIAA have mentioned before regarding their tactics that they rely on MD5 check sums of files that are downloaded from the peer. Simply modifying search results or requests will not incriminate anyone given the method the RIAA is using.

      First, the MD5 checksum isn't considered to be kosher as an electronic signature. It may be faked. This why other algorithms are used now for eSigs.

      Second, on networks tha

  • by Cryogenes ( 324121 ) on Thursday October 02, 2003 @01:45AM (#7111317)
    On the edonkey net, information about who has what files is collected and managed by edonkey servers. Since the server protocol is open, anyone could write a server that deliberately misinforms clients about the location of RIAA files.
  • by dewdrops ( 79519 ) on Thursday October 02, 2003 @01:55AM (#7111337) Homepage
    There's something that's bothered me about these lawsuits since the beginning: what proof does the RIAA have that a given person shared a file ? They're simply using logs of their software. But how is this being verified ? A log, afterall, is just a textfile; I can make one now that says Lars Ulrich was sharing my copyrighted works.

    Not to mention they're also relying on the DHCP logs of the sharer's ISP. These were designed to aid admins, not to be 100% accurate. And, even if we assume that the RIAA's and the ISP's logs are accurate, most people these days have multiple machines on their home networks and often wireless access points. How can could one possibly prove that the internnet account holder did the sharing and not a neighbor sneaking on via wireless or a friend who stopped by with a laptop or a roommate ?

    IANAL, but I don't see how any of these cases could possibly stand up in court, with or without security holes.
    • Yes, I agree, it'll be interesting to see one of these cases go to court. or better yet, what about those who willingly share wireless access, such as those individuals who participate in a community wireless projects? Or just simply keep their wireless routers open? I don't see how blame could be placed on the individual with the access point.

  • by FakePlasticDubya ( 472427 ) on Thursday October 02, 2003 @02:04AM (#7111358) Homepage
    It really makes no difference if these arguments can be used a a defense or not. THESE ARE NOT CRIMINAL CASES. There is NO JURY.

    Basically, you can go before a Federal Judge and try to convince him you shouldn't pay $150,000 per song, or you can settle with the RIAA for ~$2000. To do the former, you'll need to hire a lawyer and be out more than $2000 anyway.

    That's why it's so scary. These aren't criminal cases. Hardly anyone even goes to court to try and make a case at all.
  • by Nom du Keyboard ( 633989 ) on Thursday October 02, 2003 @02:22AM (#7111418)
    anyone on the Gnutella network can frame other users

    Not to mention that most home wireless networks are still running on their out-of-the-box (read no security) settings. How many people may have their IP hacked for filesharing through their wireless router?

    Even the best security settings on most 802.11b boxes are hackable, often in 24 hours or less.

  • what we need (Score:4, Interesting)

    by hpavc ( 129350 ) on Thursday October 02, 2003 @02:28AM (#7111426)
    what we need is someone to write a virus that installs inself on windows machines and honeypots the common various p2p protocols and gives results that the riaa hate like a few titles of briney, metallica, etc.

    so when your ip address changes and your still listed as a valid source they get scanned and nailed with the legal mess.

    that will put an end to this crap when they start suing innocent people in massive quantities.
  • Yes the RIAA has to make a good case for who they prosecute, but I think in order to use "someone could have framed me" as a defense, they'd have to provide a motive for why this person would have wanted to frame them.

    In civil cases (for damages) I *think* judgement is by proponderance of the evidence which means this will probably not be a good defense at all. A lot of things in court are decided on which cannot be proven 100%.
  • caching (Score:3, Insightful)

    by mericet ( 550554 ) on Thursday October 02, 2003 @03:50AM (#7111668) Homepage
    On of the obvious ways to scale-up Gnutella was caching of search results, this would mean that even without framing there could be responses which are already irrelevant because the IP address was since reassigned, this could potentially produce the same effect. Without actually successfully starting the download, there is no way to know if the response is correct. Additionally, the original Gnutella protocol does not provide checksums, so even a correct response could point to the wrong file.
  • by Rogerborg ( 306625 ) on Thursday October 02, 2003 @03:58AM (#7111705) Homepage

    That'll help to provide reasonable doubt! No... no, wait... these are civil cases, not criminal. There's no burden of proof, no assumption of innocence, no "reasonable doubt" defence.

    All that the RIAA has to do is to show that the balance of probability is that the person on the other side of the courtroom is who the RIAA say they are and did what the RIAA say they did. Now, really, how probable is it that Kazaa users (which is who they are targetting) are likely to be the target of a malicious prank that's only been claimed (anonymously, and not yet independently verified) to be theoretically possible on Gnutella?

    Sorry for the nasty little wake up call, but civil cases aren't like Twelve Angry Men [imdb.com]. If you're relying on this as a defence, I'd suggest changing your story to "a wizard did it" [xenafan.com], because that's a more probable explanation.

  • Reasonable doubt (Score:2, Insightful)

    by bo0ork ( 698470 )
    This is a digital world. Evidence is easy to fake and destroy. Picture a scenario where I download a BO (back orifice) client to my machine. Then it's up to the attorney to prove that someone didn't use that BO client to download things, first to my computer and then FTP:ing them to their own.
  • I doubt it. [iia.net.au]
  • by werdna ( 39029 ) on Thursday October 02, 2003 @07:14AM (#7112165) Journal
    In reviewing the threads in response here, I noted so many misconceptions as to how our legal system works, I thought it might be useful to compile them into a single e-mail rather than answer piecemeal.

    1. Jury Trial. Somebody suggested that because this is a civil action, there is no jury trial. This is not the case. The Seventh Amendment assures that a plaintiff or defendant is entitled to a jury trial for an action traditionally at law, which includes actions for Copyright Infringement.
    2. Preponderance of the Evidence.Because these are civil actions, the plaintiff only needs to prove the elements of his cause of action by a preponderance of the evidence. That is, to produce evidence tending to show that it is more likely than not that the allegation occurred. The theoretical possibilty that it might have happened otherwise doesn't suffice to get you off the hook (as it might in a criminal trial) unless you show not only that it is theoretically possible you aren't guilty, but that it is LIKELY that you aren't guilty.
    3. Reliability. Most evidence is unreliable -- there are two sides to every tale, and you almost never have a forensic "gotcha" slam-dunk that will actually goes to trial. The standards of authentication are virtually trivial in many cases, and the weight of the evidence is weighed by ordinary people. I guarantee this -- at the end of the day, the jury is not going to listen to forensic experts on both sides contradicting one another as to whether there might have been fuzzy spoofing to frame the defendant -- the jury is going to consider the facts and evidence overall, the credibility of the witnesses and most significantly, the circumstances overall under which they occurred. Case in point: A produces contract supposedly signed by B. B denies signature. Signature experts on both sides quibble about authenticity of signature. This case will be decided not on the scientific evidence, almost never. It will be decided on the circumstances of the case: "Did you speak with A then? yes. Did you discuss the terms of this agreement? yes, but those weren't the terms. Did you get the shipment of widgets shortly thereafter? yes. did you install them? yes. did you see the invoice? i don't remember. did you ever complain about the price on the invoice? i don't remember. how about that first check you sent, how come you used the price set in the agreement then? well, that was a clerical error." The answers won't matter so much, as HOW they are answered. And you will be amazed at how well a jury can smell a liar.
    4. Not everybody lies. When you are caught, at some point you will be asked the ultimate questions under oath, and then you have a choice: (i) tell the truth, in which case you may be credible enough to prevail; or (ii) lie, in which case you may be credible enough to prevail. The thing about lying, however, is this: you are lying. For many of us, when push comes to shove, personal honor tends to matter more than a few bucks. For others, well, that's how it goes -- they are the lying liars that make this place a sadder one in which to live.
    5. RIAA has a case. Look, here it is. If the facts are true, if you have copies of unauthorized works on your computer, and they catch you -- you are busted. You did the deed, and it is actionable. You might not like it, but you are responsible under the law for your conduct.
  • Spartacus (Score:3, Interesting)

    by DrXym ( 126579 ) on Thursday October 02, 2003 @07:55AM (#7112289)
    A P2P system which has nodes set by default to route requests and data packets around with a bit of crypto thrown in (a la Freenet but without the storage & ultraparanoid settings). The net result is that 1000s of sites know about some file, but only a handful actually have it with the rest routing packets around. The efforts involved in detecting who is actually doing the sharing would go through the roof. Of course P2P users might disable their settings to improve performance, but then they're exposing themselves to easier detection. So there is an obvious tradeoff, but by default it should be turned on to maximize the amount of noise.


    So let's see the RIAA crucify every single P2P user whether they're guilty or not. Altogether now - "I'm Spartacus!"

  • by TheSHAD0W ( 258774 ) on Thursday October 02, 2003 @08:43AM (#7112521) Homepage
    Depending on how the RIAA is getting their lists, the article is at best fallacious and at worst deceptive.

    Supposedly the RIAA is going after people who've been sharing more than a thousand titles. It is highly unlikely the RIAA would've gotten this information by sniffing the network or by putting out queries; it would just be too impractical. Gnutella hosts will very often put a list of what they're sharing up in the form of a web page, and if the RIAA were reading the page, they'd be retrieving it directly from the user's verifiable IP.

    Similarly, other networks have the option to "browse this person's list". From what I understand none of these networks route the results of such requests through any sort of indirection; the data is also transferred via a direct connection to the "offender's" machine.

"When the going gets tough, the tough get empirical." -- Jon Carroll

Working...