Innocent File-Sharers Could Appear Guilty?
daveo0331 writes "New Scientist has an article about what could be a promising defense strategy for people targeted by the RIAA. Basically, anyone on the Gnutella network can frame other users by making it look like someone is hosting RIAA music, even though they're not. Therefore, the RIAA's "evidence" against file sharers is theoretically unreliable and wouldn't stand as good a chance of holding up in court. No mention of whether this has anything to do with the RIAA's eagerness to settle the lawsuits out of court. The article is based on a research paper (PDF link, HTML version) posted anonymously to a web hosting service in Australia."
Innocent? Filesharing? (Score:5, Funny)
Re:Innocent? Filesharing? (Score:4, Interesting)
i think irate is great by the way, although there's certainly room for improvement (p2p support, perhaps, as well as integration with an external media player). maybe when i have time i'll sit down and (attempt to) throw something together... (hopefully someone will have done it by then, and i can just download it. =P)
Re:Innocent? Filesharing? (Score:3, Insightful)
Of course... (Score:3, Interesting)
If you want to try a mind twister, try realizing that RIAA's friends (their customers) are also their enemies (the pirates) and try to apply some "the enemy of my friend is also my enemy" logic.
Kjella
Entire computer share? (Score:3, Interesting)
Re:Entire computer share? (Score:3, Funny)
Re:Entire computer share? (Score:2)
Re:Entire computer share? (Score:2)
Re:Entire computer share? (Score:4, Informative)
Actually it stayed up like 2 hours.
Interesting note: I tried to create a batch file that endlessly spun on the CPU, trying to make it self DoS. Unfortunately, I'm running Windows 2000. When I made a batch file that looped itself, after it spun a few times I got a message to the effect of "too many iterations, closing app". Now with all the talk about how stupid MS security is, it was an interesting surprise to find that it wouldn't let me put it in an endless loop.
Re:Entire computer share? (Score:2)
Re:Entire computer share? (Score:2, Interesting)
Possibly beware of the link... (Score:5, Informative)
This may have happened already (Score:5, Interesting)
A number of people say they were wrongly accused by the RIAA, or that their children swapped music without their knowledge. The RIAA dropped one suit, against retired Boston teacher Sarah Ward, 66, when it was discovered she couldn't be sharing songs on pirate service Kazaa because she uses an incompatible Apple computer.
Re:This may have happened already (Score:4, Funny)
Re:This may have happened already (Score:4, Insightful)
Re:This may have happened already (Score:5, Funny)
just one (Score:3, Funny)
html link (Score:4, Informative)
Sure, karma whoring, but who wants to load a PDF? At least I didn't post a MS Word version of it!
-ted
Re:html link (Score:2)
Meh... (Score:2, Informative)
Re:Meh... (Score:2)
BURN RIAA... BUUuuuurn.
"Are they saying Boo Smithers? -Err, no, they're saying BOOurns..."
this unfunny stupid post brought to you by late night brain damage via sleep deprivation. Good night.
The question is (Score:4, Interesting)
Re:The question is (Score:2)
Re:The question is (Score:3, Funny)
Ummm, so what? (Score:5, Insightful)
Re:Ummm, so what? (Score:2)
What about the obvious DHCP issue? (Score:5, Interesting)
Either due to ISP incomprehension, or RIAA non-specific requests, they most likely received a lot of information based on who was using that address after subpoena, not during copyright infringement.
Re:What about the obvious DHCP issue? (Score:5, Insightful)
So if RIAA gives them an IP,TIME_of_infringement, they will have no problem in retrieving a USERNAME and other resulting info to send to the RIAA.
Re:What about the obvious DHCP issue? (Score:3, Interesting)
the law only requires them if they have such a record to produce it when issued with a court order
ISPs generally have this information as they needed it for their own billing systems
Re:What about the obvious DHCP issue? (Score:4, Insightful)
Umm no. The vast majority of user accounts are unmetered - you pay the same price for the month if you are online for 5 minutes or the entire month.
ISPs that are serious about protecting customer privacy will simply quit keeping these records.
Re:What about the obvious DHCP issue? (Score:5, Interesting)
Re:What about the obvious DHCP issue? (Score:5, Interesting)
And spammers will flock to them in droves.
After all, if the ISP has no record linking Time and IP Address to a customer, then there is no way to know who sent the spam...
Re:What about the obvious DHCP issue? (Score:2)
I absolutely get the picture. It's a much more serious problem than even you make it out to be.
It's still exactly what these corporate welfare whores are bringing about. Don't shoot me for bringing the message.
Re:What about the obvious DHCP issue? (Score:2, Interesting)
But I really don't know how cable networks work. So my question is, Does my cable ISP know what my IP address is at any given time? This is a theoretical question - I know that they are too incompetent to keep track of that, but just preten
Re:What about the obvious DHCP issue? (Score:3, Funny)
That's OK. Neither does your cable company.
Re:What about the obvious DHCP issue? (Score:2)
Re:What about the obvious DHCP issue? (Score:3, Interesting)
Re:What about the obvious DHCP issue? (Score:2)
Easy solution to the RIAA problem... (Score:2, Funny)
Nice, but... (Score:4, Insightful)
Oh yeah, and IANAL.
Re:Nice, but... (Score:2)
Yup. This is why introducing uncertainty in order to conceal what is being shared should be part of the basic protocol [stanford.edu].
Re:Nice, but... (Score:4, Informative)
However, for now, the RIAA is not prosecuting criminally (although this threat is always in the background of any negotiations to settle). They are prosecuting civilly.
In a civil case it is the preponderance of the evidence that is considered. In other words does the jury think it's more likely the defendant is "guilty" (liable actually) than not.
This is a much looser standard; just ask O.J. (or Chaplin, who was found liable for the support of a child he had proven wasn't his).
KFG
Re:Nice, but... (Score:2)
In follow up, think of the "more probable than not" term on a percentage basis. In order to win, the RIAA need only prove that their assertion is more than 50% likely (defendant wins at the 50/50 point). So, 50.000...01% beats 49.999...99%
In the infamous Boston Grandmother situation, the chances of a jury tipping that par
Since it's theoretical, it doesn't change anything (Score:3, Insightful)
Re:Since it's theoretical, it doesn't change anyth (Score:4, Insightful)
To publish something that relies on reverse engineering puts you open to charges under the DMCA. Reverse engineering PD software is easy (you have the source). Reverse engineering a closed source program isn't exactly impossible, look at Kazaa-lite, for example. However there are other PD clients to more popular networks such as eMule for ed2k (no disassembly required).
So you can still say that the RIAA's IP address is sharing movies and the MPAA's IP address is sharing MP3s for other networks.
Where is the principal in all this ? (Score:5, Insightful)
Re:Where is the principal in all this ? (Score:5, Insightful)
Let's face it, if it happened to you you'd be bawling endlessly about the injustice instead of condemning possibly innocent people.
Haven't You Heard? (Score:5, Insightful)
Re:Haven't You Heard? (Score:3, Insightful)
That's because in civil trials, the standard of proof is on the balance of probabilities rather than the more well-known beyond reasonable doubt. (Which is why OJ was found not guilty, but liable for wrongful death, and more importantly why the RIAA, while using language from the domain of criminal law in the media, keeps these cases civil trials, though there's not much civil about it in any sense other than the legal.)
Personally, I think the U.S. legal system needs to revisit their standards of compensa
Re:Where is the principal in all this ? (Score:3, Interesting)
Show some backbone, people.
You've forgotten something: The "I didn't do it!" argument is a valid one. Or should be, anyway.
My boss recently got "caught" by the MPAA for downloading and sharing movies. When he told me, I laughed out loud, the notion is so ludicrous. This is a guy who drops $15K on a family vacation every couple of years, flying his kids, their spouses and their children to the Caymans for a two-week stay in the beachfront duplex he owns on Cayman Brac. If he wants a movie, he buys
Good strategy to confuse the RIAA (Score:2, Interesting)
Even worse (or better?) (Score:5, Interesting)
A Question (Score:5, Interesting)
So what's the deal? Any WinMX, EDonkey, Bittorrent users being attacked in this recent spate of 700 cases by the RIAA? Or is it just those Kazaa users?
Re:A Question (Score:5, Informative)
Re:A Question (Score:2, Insightful)
As far as monitoring the different networks, I'm sure that they do monitor them, but at this point, it's not worth them drawing more publicity to those networks, and therefore raising utilization of them. Stick with Kazaa,
Same here with Gnutella (Score:4, Informative)
Re:A Question (Score:2)
Unlikely (Score:3, Insightful)
Annoying, it's it? (Score:4, Interesting)
It's things like these that can make harassing people a real bummer for a litigious group in the long run. Still - fear and respectful loathing may still "work" in the short term. But again, that short-term respect and fear will die down if cases are ruled against them.
Ryan Fenton
Re:Annoying, it's it? (Score:2)
In summary: I doubt this issue will be used to prove innocence, but rather to argue the subpoena should not have been issued in the first place. In short, the plaintiff didn't have enough confidence in their assessment of infringement to legally merit the subpoena.
---
I'm lame and can't remember how to code a link, so I'll cut and paste instead...
---
The issue is... what "evidence" is used to secure the subpoena to get the case to cou
I am quite against IP in general... (Score:3, Funny)
But I am also very much against anything that perverts justice, obfuscates the truth, and in general destroys respect for the law.
This one is ridiculous, because 99% of the people who say "no, it wasn't me, someone set me up" based upon this will be perjuring themselves.
Quite honestly, isn't that the claim that most criminals make?
I, for one, if set up, would have a different answer: "I never installed Kazaa or other P2P software, nor did I pay the Kazaa fee." Come to think of it, that would be my defense if accused of stealing cable channels too: "I never bought one of those cable-selection-hiding filters; indeed, I never bought cable TV."
Come off it, people. Stop trying to make a case for yourself why maybe it perhaps isn't so bad, and perverting your consciences.
Re:I am quite against IP in general... (Score:3, Interesting)
No. It is just for someone to benefit from their labors. The common law takes a lot from the Bible, and the biblical phrase is "the fruit of their labors", not "the fruit of their dreaming." That said, so that you don't think I'm pointlessly quoting something, let me ask you: when is the last time that you have seen someone *think* food onto the table or into peoples' hands? Mind you, it has happened [Christ feeding the 5000], yet he was also Go
Re:I am quite against IP in general... (Score:2)
More significantly, these laws are relatively new - they come from British common law, when the crown used to grant monopolies as f
RIAA (Score:3, Funny)
Flaw (Score:2, Informative)
Flaws in the paper (Score:5, Informative)
The RIAA cannot expect the ISPs to provide 100% infallible information. This alone is a bigger threat than the attacks mentioned.
On to the paper. You can find it via google [google.com].
For the duration of these items I'm going to assume that the networks in question are either FastTrack/KaZaa or Gnutella. These appear to be the networks currently targeted by the RIAA.
Scenario 1: Modifying Search Requests and Search Results in Transit
This is a non starter, as the RIAA have mentioned before regarding their tactics that they rely on MD5 check sums of files that are downloaded from the peer. Simply modifying search results or requests will not incriminate anyone given the method the RIAA is using.
Scenario 2: Spoofing the Originator of Search Results and Search Requests
This falls into the same problem as #1. This will not get someone targeted by the RIAA.
Scenario 3: Renaming a Contraband File to Match Incoming Search Requests
This is a bit more troubling, as the MD5 sums would match the contraband, however, the title may be something completely innocuous - "Slashdot Comment Archive" for example.
I find it unlikely that the RIAA would target someone based on MD5's alone. Their tactics appear to use a search to identify potential infringing uploaders, and then a download to confirm contraband via MD5 sum.
If this is the case, then the search for contraband would likely miss this type of file, as it would be renamed to something else (also popular) but unrelated to contraband content.
This does remain a viable risk and potentially exploitable entrapment attack.
Scenario 4: Impersonating Another GP2P User
This is another non starter in the same lines as #1 and #2. The RIAA is not using randomly selected user GUID's to identify infringers.
Scenario 5: Tricking an Innocent User Into Downloading Contraband from an Authority
This is a very implausible attack. The RIAA is using custom software to track the network, and does not appear to be uploading the files they are downloading for evidence, as would normally be the case with a standard Kazaa/Morpheus client.
The chances of downloading a contraband file from the RIAA crawlers seem nil, regardless of how spoofed search results could direct them in this fashion.
In short, there is a potential for abuse, but the methods used by the RIAA prevent a number of these from working effectively. They search keywords and titles, and then confirm contraband with MD5 checksums of the uploaded content.
This is very hard to spoof without actually deploying the contraband on a peer with malicious intent. You are still liable if someone puts contraband on your client!
The biggest danger is still the ISP's inability to properly account for times and dates for each user associated to each IP address. This will continue to target innocent individuals, although the RIAA does appear to drop cases that are blatantly without merit.
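The IP-and-time attribution problem that this comment and the DHCP thread above describe, as an added example that is not part of any poster's comment: a lookup that maps a complaint's (IP, time) pair onto DHCP lease history and reports when the answer is not unique. The lease records, subscriber names, five-minute clock tolerance and candidate time-zone offsets are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed lease history for one dynamic address (documentation range).
# Lease times are UTC; subscriber names are placeholders.
LEASES = [
    ("203.0.113.7", "subscriber-A", "2003-09-01T00:10:00", "2003-09-01T08:05:00"),
    ("203.0.113.7", "subscriber-B", "2003-09-01T08:07:00", "2003-09-01T19:30:00"),
    ("203.0.113.7", "subscriber-C", "2003-09-01T19:31:00", "2003-09-02T06:00:00"),
]


def _utc(text):
    """Parse an ISO timestamp from the lease log as a UTC-aware datetime."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


def holders(ip, start, end):
    """Subscribers whose lease on `ip` overlaps the UTC window [start, end]."""
    return sorted({sub for lease_ip, sub, begin, finish in LEASES
                   if lease_ip == ip and _utc(begin) <= end and _utc(finish) >= start})


def attribute(ip, observed, candidate_offsets=(0,), skew=timedelta(minutes=5)):
    """Map (ip, observed wall-clock time) to the subscribers it could name.

    observed           naive datetime exactly as written in the complaint
    candidate_offsets  UTC offsets (hours) the observer's clock may have used;
                       more than one when the complaint states no time zone
    skew               tolerated clock error between observer and DHCP server
    """
    found = set()
    for hours in candidate_offsets:
        # Convert the observer's local reading to UTC for this candidate offset.
        instant = (observed - timedelta(hours=hours)).replace(tzinfo=timezone.utc)
        found.update(holders(ip, instant - skew, instant + skew))
    candidates = sorted(found)
    verdict = {0: "no-lease", 1: "unique"}.get(len(candidates), "ambiguous")
    return candidates, verdict


if __name__ == "__main__":
    ip = "203.0.113.7"
    cases = [
        ("mid-lease, UTC stated", datetime(2003, 9, 1, 12, 0), (0,)),
        ("two minutes from a lease change", datetime(2003, 9, 1, 8, 6), (0,)),
        ("no time zone stated (UTC or UTC-7)", datetime(2003, 9, 1, 15, 0), (0, -7)),
        ("looked up at subpoena time instead", datetime(2003, 9, 2, 3, 0), (0,)),
    ]
    for label, when, offsets in cases:
        print(f"{label:36} -> {attribute(ip, when, offsets)}")
```

Only the first case names a single subscriber for the right reason; the last one also returns a unique answer, but for the person holding the address when the records were pulled rather than when the transfer was observed.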
Checksums... (Score:2)
First, the MD5 checksum isn't considered to be kosher as an electronic signature. It may be faked. This is why other algorithms are used now for eSigs.
Second, on networks tha
Even easier on edonkey (Score:4, Interesting)
Even without these holes, where's the proof ? (Score:5, Insightful)
Not to mention they're also relying on the DHCP logs of the sharer's ISP. These were designed to aid admins, not to be 100% accurate. And, even if we assume that the RIAA's and the ISP's logs are accurate, most people these days have multiple machines on their home networks and often wireless access points. How could one possibly prove that the internet account holder did the sharing and not a neighbor sneaking on via wireless or a friend who stopped by with a laptop or a roommate?
IANAL, but I don't see how any of these cases could possibly stand up in court, with or without security holes.
Re:Even without these holes, where's the proof ? (Score:2)
There are no juries, these are CIVIL cases (Score:3, Insightful)
Basically, you can go before a Federal Judge and try to convince him you shouldn't pay $150,000 per song, or you can settle with the RIAA for ~$2000. To do the former, you'll need to hire a lawyer and be out more than $2000 anyway.
That's why it's so scary. These aren't criminal cases. Hardly anyone even goes to court to try and make a case at all.
Re:There are no juries, these are CIVIL cases (Score:5, Informative)
Of course there are juries in civil cases. What makes you think there aren't? It depends on the jurisdiction, but at least in the federal court system [uscourts.gov], in most civil cases you need only ask for a jury trial to get one, and only if both parties waive will you not get a jury (i.e., get a bench trial).
Not to Mention That... (Score:3, Insightful)
Not to mention that most home wireless networks are still running on their out-of-the-box (read no security) settings. How many people may have their IP hacked for filesharing through their wireless router?
Even the best security settings on most 802.11b boxes are hackable, often in 24 hours or less.
what we need (Score:4, Interesting)
so when your ip address changes and you're still listed as a valid source they get scanned and nailed with the legal mess.
that will put an end to this crap when they start suing innocent people in massive quantities.
Re:what we need (Score:2)
Re:what we need (Score:2)
They might be reaching for it (Score:2, Insightful)
In civil cases (for damages) I *think* judgement is by preponderance of the evidence which means this will probably not be a good defense at all. A lot of things in court are decided on which cannot be proven 100%.
caching (Score:3, Insightful)
Ooh, an anonymous paper (Score:4, Informative)
That'll help to provide reasonable doubt! No... no, wait... these are civil cases, not criminal. There's no burden of proof, no assumption of innocence, no "reasonable doubt" defence.
All that the RIAA has to do is to show that the balance of probability is that the person on the other side of the courtroom is who the RIAA say they are and did what the RIAA say they did. Now, really, how probable is it that Kazaa users (which is who they are targeting) are likely to be the target of a malicious prank that's only been claimed (anonymously, and not yet independently verified) to be theoretically possible on Gnutella?
Sorry for the nasty little wake up call, but civil cases aren't like Twelve Angry Men [imdb.com]. If you're relying on this as a defence, I'd suggest changing your story to "a wizard did it" [xenafan.com], because that's a more probable explanation.
Reasonable doubt (Score:2, Insightful)
Anonymously? (Score:2)
So many misconceptions . . . (Score:5, Informative)
Spartacus (Score:3, Interesting)
So let's see the RIAA crucify every single P2P user whether they're guilty or not. Altogether now - "I'm Spartacus!"
The article is fallacious. (Score:4, Insightful)
Supposedly the RIAA is going after people who've been sharing more than a thousand titles. It is highly unlikely the RIAA would've gotten this information by sniffing the network or by putting out queries; it would just be too impractical. Gnutella hosts will very often put a list of what they're sharing up in the form of a web page, and if the RIAA were reading the page, they'd be retrieving it directly from the user's verifiable IP.
Similarly, other networks have the option to "browse this person's list". From what I understand none of these networks route the results of such requests through any sort of indirection; the data is also transferred via a direct connection to the "offender's" machine.
Re:Does it realy make a difference? (Score:5, Informative)
Re:Does it realy make a difference? (Score:2)
Slow down cowboy!
Re:Does it realy make a difference? (Score:4, Informative)
You can't put whatever you want as your IP. That's stupid. In P2P networks, other peers connect to you. They know your real IP number.
Where you lie is when someone searches for a file (you search by asking your neighbors in Gnutella), you just put in a random (or not so random) IP number and claim that the machine returned a successful hit and send it back to the original peer.
Lo and Behold! That machine could be thought of as a culprit by the RIAA if they don't verify by downloading.
Re:Does it realy make a difference? (Score:2)
Not really. The courts have decided there's legitimate uses for P2P and therefore they actually have to catch you in the act of violating the law to sue you.
That may be true, but I'm not really sure there's a legitimate reason for a P2P service to anonymize transactions, except to evade law enforcement.
Just to clarify things, I happen to be one of the vast majority of people who don't believe in absolute privacy rights for everyone (although I realize we are a minority here on
-a
Re:Does it realy make a difference? (Score:3, Interesting)
This would be like filesharing on irc sending file data through irc servers. This would bring almost any server instantly down. So the files go through only routers etc in between but no actual end users.
In these programs only the search information is gathered p2p. SO if kazaa runs a supernode it caches searc
Re:Does it realy make a difference? (Score:2)
The data is also encrypted and files are identified only by an MD5 hash, so none of the nodes even know what the other nodes are transferring through them, or what files they have other than the ones they specifically requested.
Yes, it is -much- slower and less efficient than regular P2P. It's also much more anonymous.
Re:mp3 music is illegal (Score:4, Insightful)
Dude, if I had you as a parent, I'd watch your back. How is your lesson any better than a thug breaking a gambler's legs for not paying on time? I hope you don't own any guns... you just may become a statistic.
Re:mp3 music is illegal (Score:3, Insightful)
I suppose you've never copied a video tape, or a cd, or a casette, or recorded something off the radio or tv.
I don't get why people treat downloading music as worse than stealing the cd. It's not even close to being like physically ste
Re:mp3 music is illegal (Score:5, Insightful)
So it's pretty obvious that you are a troll but you do inadvertently raise a good point about authoritarianism.
Destroying your son's personal property was an immature act. He knows it was a childish thing to do, and it caused him to lose respect for you as an authority figure and role model. You have eroded your ability to make moral judgments that he will respect.
If your child does not respect you, he will not listen to you. Because of the power you wield he will simply give the appearance of respect and obedience, but in reality will go behind your back and do whatever he wants. This is the behavior you are reinforcing. Why would he do any differently?
So in a way you are like the RIAA. The RIAA is destroying any respect the public had for it by suing its own customers for large damages, much like you destroyed your son's iBook. Now even if they had a valid moral position (e.g. sharing music is stealing from artists) people are disinclined to believe it, regardless of its veracity. Music sharing will go on - just behind the RIAA's back.
You and the RIAA both need to act like adults here and build trust by acting maturely. Then maybe you both will get the respect you desire.
Re:mp3 music is illegal (Score:2)
Just so you know, you're raising a rebel.
"In any event, no one here has anymore right to judge my parenting skills than I do."
Perhaps not. But when everybody tells you what an idiotic parent you are being, I'd advise you listen. You don't have to agree, but seriously, listen.
Re:mp3 music is illegal (Score:3, Funny)
Oh wow. I had no idea Dr. Laura visited Slashdot!
Re:mp3 music is illegal (Score:2)
Oh wow. I had no idea anybody that listened to Dr. Laura visits Slashdot!
Re:Weasely (Score:3, Informative)
The subpoena is issued simply at the "request" of the copyright holder. In basic terms, because they say in good faith, that infringement (impringlement) occurred.
The abi
Re:Weasely (Score:3, Informative)
Nice point and it inspired me to go check out the wording of the DMCA to see exactly what it does say about subpoenas.
In preface to the quote, I'll add my opinion that this paper on spoofed addresses is probably even more relevant to the pending appeals of the ISPs than to the cases against individuals.
As you can see for yourself, this paper would allow the ISP to simply deny that they have a reliable response to the subpoena and so cannot provide any data. Here's the quote from Title 17, [cornell.edu]
Re:Oh please (Score:3, Informative)
*Remotely administer files on a computer
*Access files on my PC while at class
*Back up data
*Acquire legal distributions of applications
*Acquire legal distributions of media
*Acquire quick information about a song or artist
*Communicate and (legally) share files between friends and co-workers
seems like legitimate uses to me.
Re:Those silly Windows users. (Score:2)