RIAA's 'Expert' Witness Testimony Now Online

NewYorkCountryLawyer writes "The online community now has an opportunity to see the fruits of its labor. Back in December, the Slashdot ('What Questions Would You Ask an RIAA Expert?') and Groklaw ('Another Lawyer Would Like to Pick Your Brain, Please') communities were asked for their input on possible questions to pose to the RIAA's 'expert'. Dr. Doug Jacobson of Iowa State University, was scheduled to be deposed in February in UMG v. Lindor, for the first time in any RIAA case. Ms. Lindor's lawyers were flooded with about 1400 responses. The deposition of Dr. Jacobson went forward on February 23, 2007, and the transcript is now available online (pdf) (ascii). Ray Beckerman, one of Ms. Lindor's attorneys, had this comment: 'We are deeply grateful to the community for reviewing our request, for giving us thoughts and ideas, and for reviewing other readers' responses. Now I ask the tech community to review this all-important transcript, and bear witness to the shoddy investigation and junk science upon which the RIAA has based its litigation war against the people. The computer scientists among you will be astounded that the RIAA has been permitted to burden our court system with cases based upon such arrant and careless nonsense.'"

Not Chappelle too!

[vic-traill]

14 MR. BECKERMAN: I would like to mark as Exhibit 3 a two-page article dated April 19, 2004 by David Chappelle entitled "Newest PacketHound release eliminates illegal trading of copyrighted files."

Oh man, even Chappelle is going over to The Dark Side. That is *not* funny, Dave.

[/humour]

Re:Not Chappelle too!

[Brian Gordon]

This is not an option nigger, share the file or we have a problem.

Re:

[Just Some Guy]

What we have right here is Slashdot's first instance of "+5: N-word".

Re:

[EzInKy]

The hatred for the RIAA here is well-established. Out of genuine curiosity, what do Slashdotters think artists and others who work in the music industry should do to protect themselves from piracy?


First off let us be clear...it is not the artists who are hurt by filesharing....it is the music publishers. The 99% of artists who have not been signed to a profitable music industry contract stand to lose nothing by the free sharing of their music.

One quick thought about licensure

[Raul654]

I saw something in the transcript that I wanted to point out before anyone else here criticizes Jacobson on it:

Q. By what body are you certified as an engineer?
A. By no professional society.
Q. No professional society? Is there any organization that has certified you as an engineer?
A. No.
Q. Are you part of any peer regulatory body?
A. I don't quite understand what you mean by --
Q. Are you part of any body the members of which are peer-regulated?
A. Can you give me an example of what you are --
Q. A lawyer, an architect, an accountant. I thought an engineer had to be certified by a peer-regulated body.
A. To be called a professional engineer they do.
Q. So are you not a professional engineer?
A. I do not have a PE license.

Based on his Jacobson's research page [iastate.edu]. It looks like Jacob's, a professor "on the faculty of Electrical and Computer Engineering", is a computer engineer. Given that, the above statement is totally understandable As a computer engineer myself, I can say that it is *EXTREMELY* rare for a computer engineer to be a licensed PE. (Not a single computer engineering professor in my University is). PE's are common in engineering professions where somebody needs to sign off on the final product - civil engineering especially, and mechanical engineering to a lesser extent.

Re:One quick thought about licensure

[Cassini2]

I'm a Computer Engineer and a Professional Engineer. If I testify in legal proceedings, I am required to adhere to specific professional standards. My certifying body takes our legal obligations fairly seriously. A customer would be wise to hire properly licensed engineers for matters involving legal responsibility and/or large contracts. Amongst other requirements, licensed engineering firms require liability insurance, so if things go bad, the customer has some recourse. We also have ethical standards constraining what we can say or do.

Re:

[NewYorkCountryLawyer]

Such as testifying as an expert witness in judicial proceedings in which one party is seeking to recover tens of thousands of dollars?

Re:One quick thought about licensure

[Cassini2]

I would expect my licensing body would get annoyed with me if I spent "45 minutes" (Page 54) drafting a report that was used as part of litigation. They expect that Professional Engineers check our facts so as not to mislead a jury. This avoids sequences of questions like that from Page 42, where the witness essentially admits:

a) he did not look for alternative explanations,

b) he did not check how accurate his findings were (potential rate of error),

c) he has no standards or controls,

d) he is not using published methods accepted by the scientific community, and

e) has no way of determining if the information given to him was correct.

It is considered a substantial problem if a Professional Engineer misleads a jury, as it can pervert justice. As such, it is very important for the legal duties be taken seriously and with the required standards of care.

OT Computer Engineers

[davidwr]

As a Software Engineer who does not have a PE, I'm curious as to what areas of software require a PE?

About the only ones I can think of are in control systems, particularly where a failure could cause loss of life or serious injury. The computers that control an automobile engine and brakes come to mind. "Secondary" systems which provide life-saving information, such computers in aircraft-control towers, might also require a PE's blessing, but this seems like a stretch.

Are there any software engineers out

Re:

[Raul654]

I'm almost certain that the NSPE, the main (only?) engineering licensing body, does not offer licensure to software engineers. As a computer engineer, when I took the FE exam (the exam you have to pass before you can take the PE exam and become a professional engineer), I had to take it in electrical engineering, because they have no separate computer engineering exam. And having a software engineer take it would be throwing him to the wolves - the electrical-engineering specific section is REALLY FUCKING H

a joke

[acidrain]

A scientist, an engineer and a programmer are on a road trip. Their car goes out of control on a steep hill and they barely make it to the bottom alive.

The scientist tries to calculate the distance to the nearest repair shop, the engineer suggests checking the wiring and brake pads, and the programmer suggests driving to the top and seeing if it happens again.

My point? Programmers and engineers are different. The best way to solve their problems is different. I trust this CTO more because he doesn't h

One quick thought about expert witnesses.

[Anonymous Coward]

"Q. Are you part of any peer regulatory body?
A. I don't quite understand what you mean by --"

A professor is part of a "peer-regulated" body. He may not be able to call himself an engineer, but that doesn't mean he's not an expert.

Re:

[lawpoop]

It doesn't mean that he's not an expert, but it does mean that there's nothing really keeping him honest in the courtroom, other than his reputation. He could have sold out to the RIAA.

If you are a PE and you build a bridge wrong, you could lose your license, thus your livelihood, and even be thrown in jail. If Jacobson describes what he is capable of knowing about P2P filesharing that's not entirely accurate, what exactly does he suffer? Might that be outweighed by whatever compensation he was getting fro

Re:

[lawpoop]

True, the fact that he is not licensed does not mean that he is outside of his realm of expertise. The fact that he is not licensed sort of means that if he is caught lying or doing a shitty job, the only thing he loses is his reputation and standing.

He could have totally sold out to the RIAA and developed a bogus, faulty, or ambiguous method of identifying file-sharers. If he belonged to a professional organization, he would be legally responsible for his work. As it stands, he is not.

Professors are

Re:One quick thought about licensure

[mollymoo]

As a computer engineer myself, I can say that it is *EXTREMELY* rare for a computer engineer to be a licensed PE.

Way off-topic, but programming desperately needs the kind of accountability and professionalism that 'real' engineering has. We're around where engineering was 100 years ago just now, with a hundred different screw threads and steam engines which explode in your face. 'software engineering' may be an academic discipline, but 'professional' (in their execution) software engineers are few and far between and professionally engineered software is rarer still. The lawyer is making a valid point.

Before you ask, I am a professional (it's my job) programmer. I'd love to be an engineer. I'd love to work somewhere where those kind of standards were applied. I'd get a CS degree (mine is in Physics), but those programmers I've worked with who have CS degrees don't seem much more engineer-like in their application than those without. Too much hacking, not enough engineering. Perhaps civil engineers would be the same if every bridge had "this bridge comes with no warranty, either express or implied" written into the contract.

Re:One quick thought about licensure

[Raul654]

As far as licensing, one of the turning points happened when a school in Texas blew up as a result of faulty engineering. Public outcry caused them to pass the strictest engineering accountability standards in the nation. (IANAL - if you are are not an NSPE licensed engineer, but your business card calls you an engineer, and you happen to be passing through Texas, DO NOT put your business card in any of those put-your-business-card-in-here-to-win-something fishbowls. I've been told people have been prosecuted for this under the licensing laws)

Re:

[Raul654]

PS - about the school that blew, the Wikipedia article is here [wikipedia.org].

PE software engineers

[Original Replica]

programming desperately needs the kind of accountability and professionalism that 'real' engineering has.

So would a PE software engineer lose his license if he made software with numerous bugs? Can software engineers really be held to the same level of accountability as structural engineers? I thought it was near on impossible to write error free software these days. What criteria would you use for standards?

Re:

[Runefox]

Structural faults in buildings are also something that is unavoidable, though the utmost of care is taken to ensure it doesn't happen, both before and after construction. Therefore, such an engineer on the software side would be responsible for ensuring that software is relatively bug-free and well-tested, and to ensure that any bugs found are swiftly and effectively squashed.

Re:

[Dun Malg]

So would a PE software engineer lose his license if he made software with numerous bugs?

No, not so long as the bugs a) weren't serious in their consequences, and b) the system failed gracefully without seriously damaging any data. Just the same as a professional structural engineer. If (for example) the construction crew slightly screws up the sand mix in the concrete in one section, it is expected of the engineer to have spec'd the building such that it won't simply collapse as a result. Engineering is often about planning for bad things to happen and mitigating the effects by design.

Re:

[NMerriam]

Requiring PE involvement in the software world might work to put some kind of (very welcome) brake on the reckless development practices that many companies follow, but given the added cost and added legal responsibility, I suspect it'd just end up decimating the domestic software labor pool and pricing custom software out of the reach of all but a few companies. Substantially more programs get built during any given year than bridges, after all.

True, but a lot more "things" get built than bridges, and mo

Re:

[ClosedSource]

"What does the fact that two bytes having 65,536 states have to do with complexity? That's irrelevnat to the complexity of the system; any software system can (and should) be broken down into smaller functional modules that can be further broken down into smaller chunks etc"

Sure, there is decomposition, but the number of correct states remains high compared to physical systems. However, since nearly all software has bugs, there are other states the software can assume that are totally unknown. So the number

The FE Exam

[dj245]

I'm currently studying for the spring Fundamentals of Engineering exam (FE). After taking this exam and working in the field of engineering for 5 years, you can take the Professional Engineering (PE) exam. Its not the easiest test in the world, and its a big pain in the arse. That said, I think a computer science student would have a particularly hard time with it. The morning session (general) is composed of several subjects including chemistry, strengths of materials, physics, thermodynamics, fluid mechanics, a small ethics session, etc. Basically all engineering knowledge known up to 1935, updated to the modern day. Everyone has to take the general session, and I think Comp sci students would struggle with it.

The afternoon session is a choice between mechanical, electrical, civil, (chemical?) engineering. I think maybe comp sci students could take the electrical and do fairly well on this half. The PE exams are very similar (identical?) to the FE exams, but it has been 5 years since you have been in a classroom so they are considered harder just for this reason.

As for the term "Computer Engineer"; in the 1800s a group of very smart men began doing different things with Natural Philosophy. They were so different that they thought they needed a new title for what they did to separate themselves from the natural philosophers. Eventually they went with the title "scientists". Perhaps a new title is needed for "computer engineers" because it doesn't seem to fit very well.

Re:

[Raul654]

(A) Yes, they have chemical engineering.

(B) As someone who took the FE electrical engineering exam, I can tell you that I seriously doubt more than tiny fraction of computer science students could pass the electrical engineering section-specific exam.

The morning section (general engineering) is relatively easy, especially if you have a well-rounded engineering background (I knew enough about steel composition from quiz bowl [wikipedia.org] to answer that mechanical engineering question in the morning section, for example.

Depends on the state

[geekoid]

In Oregon you have to have a PE to have the word 'Engineer' in your title, or to call yourself one.

Re:

[Yvanhoe]

I would also say that I don't really understand the tone of the /. post here. I have read half of the 143 pages and I must say Jacobson has made patient and correct statements all the way of the interview. It must have been really frustrating explaining how MAC and IP address work to a lawyer.

Re:

[NewYorkCountryLawyer]

It's not a question of how patient he was, or how frustrating it was for him, or how ignorant I am of technical things. It's a question of a man purporting to giving "expert" opinions which are not based on any verifiable methodology worthy of being used in a court of law to support someone's claim against another person for tens of thousands of dollars.

You shouldn't be feeling sorry for him, you should feel sorry for his thousands of victims.

He had a choice of whether to accept an assignment he was not qu

Re:One quick thought about licensure

[lawpoop]

Because he is not a professional engineer, there is nothing really keeping him from being a talking head in court. On the witness stand, he could be totally honest and forthcoming, or he could totally sell out the the RIAA and say whatever they wanted him to say. The only thing at stake is his reputation, if he is later discredited. However, a professional engineer would lose their license if they were shown to have acted fraudulently or negligently, and thus their career, profession, and ability to make a living.

It's fine to give a professor the benefit of the doubt when you attend his/her lecture. Doing so in a courtroom seems an act of extreme naivety.

Re:

[Raul654]

"Because he is not a professional engineer, there is nothing really keeping him from being a talking head in court. On the witness stand, he could be totally honest and forthcoming, or he could totally sell out the the RIAA and say whatever they wanted him to say." - If he outright lies, he could always be charged with perjury (and, I believe, depositions this one are given under penalty of perjury)

Re:

[UncleTogie]

As a Professional, you are expected to be more knowledgeable and better experienced than the average person.

I'd had the same impression until a client of mine took his insurance company to court. Y'see, his office had a flood over Christmas vacation, and he had to replace most of his equipment. The insurance company called foul, and asked to see the fried PCs, including the server. They then called in an expert, who maintained they WERE able to get data from it, even though they could never prove this in court. The scariest part? Their expert was asked if he was, in fact, an expert in the field of medical imag

Re:One quick thought about licensure

[NewYorkCountryLawyer]

While I do think it odd that the RIAA picked a guy who (a) is not a professional engineer, (b) has never testified anywhere except at a school board meeting, and (c) is involved in selling software, to universities and other LAN networks, which is supposedly designed to avoid RIAA lawsuits..... these aren't to my mind the most important things to focus on.

What is more important and shocking is the unprofessionalism of his vodoo science.

If this witness (a) lacked appropriate professional credentials, (b) lacked appropriate expert witness credentials, and (c) had a major conflict of interest, but nevertheless had a convincing and reliable scientific basis for his conclusions, then he would present a formidable obstacle.

As it turns out, his "method" -- if you want to call it that -- will be laughed out of any courtroom.

Here's something to question...

[Xenographic]

15 Q. Does a MAC address tell you if a
16 device is wired or wireless?
17 A. If you can see the MAC address of the
18 transmitting device you could see whether that
19 device was wired or wireless.

This is flat-out wrong. Yes, you CAN find the OUI [wikipedia.org] that might well give you enough information to find out who made the hardware. The problem is that you can change the whole damn MAC address. Conveniently, Wikipedia even has instructions on how to change your MAC [wikipedia.org] on many OSes, although there's an illustrated guide on changing your MAC [nthelp.com], elsewhere.

This guy may know a bit of programming, but this kind of stuff makes it pretty clear to me that he has no idea how people can and do manipulate information. It's pretty clear to me that he's done little more than investigate only those things which might support their case and has completely ignored anything which might cast doubt upon it.

Re:

[ClosedSource]

I think there are a lot of organizations that would love to take your money and it might be good PR to join one, but I don't think it proves anything about your abilities.

Re:

[ResidntGeek]

Ooh! I know! I know! Is it because we spend our time doing things other than licking our fingers while our drunk friends take our pictures? I thought so. We evolved past stupidity millennia ago, you see.

Re:One quick thought about licensure

[NewYorkCountryLawyer]

As to the economics side of the discussion: Most of the litigation settlements are $4500. Some people don't have the money. Some people are completely innocent. Almost no one can afford what it costs to defend a case brought by the RIAA, because the RIAA handles the cases in a way calculated to maximize the costs.

As to the human side, my guess is that a person like you -- who is probably on the high end of being able to weather something like this -- would find it pretty major. If you were totally innocent of copyright infringement which would you rather do -- pay $4500 in extortion money, or pay a fortune in legal fees to vindicate yourself. My guess is that either of those would leave you pretty unhappy. There are many, many people who are totally distraught over being put in these positions, and having to make impossible choices: (a) pay money I can't afford for something I didn't do; (b) turn in my child so they can sue him or her; (c) turn in my nephew or a neighbor's kid, so he can be sued; (d) incur an open-ended expense fighting the case; (e) file bankruptcy, even though it's for a "debt" I don't owe.

Also many people are afraid they or their children are going to jail.

And none of the settlements are true settlements: they require an admission of guilt; they leave you open to further lawsuits; and they require you, for the rest of your natural life, to refrain from doing many things which are NOT copyright infringements.

Respect

[lightversusdark]

Respect to you Ray.
I've seen you take a lot of flack for your efforts to keep us all abreast of the proceedings, of issues that should concern us all.
And it's nice to see that the community could have been of help.
All the best.

Re:Respect

[NewYorkCountryLawyer]

Thank you, light.

(You don't mind if I call you by your first name, do you?)

Re:

[X-treme-LLama]

Haha.

Smart, funny, and respectable? Are you sure you're a lawyer?

If I'm ever in (yourtown) I'm going to have to buy you a beer.

Re:

[Nom du Keyboard]

If I'm ever in (yourtown) I'm going to have to buy you a beer.

I think Ray is owed a whole pitcher at least, and I'd be the first to buy him one and share it over some laughts.

Re:

[NewYorkCountryLawyer]

Thanks, Nom. I'm not actually capable of drinking a pitcher, but a glass would go down nicely.

Re:Respect

[NewYorkCountryLawyer]

It doesn't mean a thing. In a deposition it's a totally inappropriate objection. And there was probably not a single instance in which it would have been an appropriate objection at trial.

At a trial "lack of foundation" means the lawyer's question has leapfrogged over some other material that would have been needed ... i.e. laying a foundation.

But since I would only be crossexamining this guy, lack of foundation would not have been an appropriate objection to my questions there either.

I.e., the RIAA lawyer, hopefully out of inexperience rather than calculated dilatoriness, was wasting our precious time.

Re:Respect

[cpt kangarooski]

Re: objections in depositions, they're hardly uncommon. There's no judge present, and it would be nightmarish if you constantly had to bother the judge over every little thing. So if you feel you need to object, you just do it, and it's in the record, and everyone proceeds. If the objection is sustained later, then it can affect how much of the deposition remains. It generally doesn't indicate that things are tense, rather it indicates that the rules of evidence are somewhat technical and that it's important to preserve an objection lest it be lost by not objecting in a timely fashion. So by and large, it's just how these things go.

You wha?

[RealSurreal]

Does someone want to summarize that deposition before I die of lawyer-speak overdose?

Re:

[mikelieman]

You really do need to read it to savor it properly. The "Ok, Demonstrate it." part is going to be a classic.

Re:

[Nom du Keyboard]

Does someone want to summarize that deposition before I die of lawyer-speak overdose?

The expert found nothing incriminating, and the RIAA therefore maintains they were given the wrong hard drive. Now go have a beer.

Re:You wha?

[Anonymous Coward]

As I interpret it, the summary is that the guy inspecting the hard drive appeared to have no formal qualifications, his methods were not peer reviewed, he was unaware of the exact methods and procedures of the software he had been using to identify the user or examine the hard drive, he could not testify that although media appeared to be shared it had actually been downloaded by any person (other than the software looking for copyright material), although he examined the disk he didn't actually document any of his findings, that he was not aware if the time of IP address allocation and the IP address to account lookup that Verizon did was actually correlated/synchronized, that he was unaware of Verizons' procedure for looking up such data and if it was free of human and/or mechanical errors, that he didn't know what the IP allocation time was or how many times this dynamic IP address had been allocated that day, that he himself teaches classes involving spoofing, that there were 3 user accounts on the hard drive that he examined, and that, assuming the information from Verizon was accurate, he had no way to actually show which particular person had been using the computer. Further, he conceded that it was possible to compromise and control a computer remotely over the Internet, and that he had not investigated if this had actually occurred. A document was also referred to in which it was shown that P2P applications often scan users hard drives and share media on installation, and many P2P users are not aware of which files on their computer are shared, even when their whole drive may be shared, including personal documents. It was also stated that P2P applications can run in the background, e.g. in the system tray, perhaps without the users knowledge.

There was some tenuous discussion of how MAC addresses are used (to which I am not certain I completely agree, but I'm not an expert), and again on how the correlation of two address fields in a Kazaa packet shows that the computer was connected directly to the Internet and not through a router. Again, there was nothing to show that the computer connected to the Internet at the time actually belonged to the Verizon account holder, because no MAC address was recorded and in fact he didn't have access to anything except the hard drive (although personally I would expect Windows records this in the registry, which he did examine and didn't document). In any case, he did say that MAC addresses could be spoofed.

Most interesting for me was that as the examiner, he had been asked purely to find out if Kazaa and MP3 files were present, and he seemed to followed that direction, failing to look for any materials (e.g. malware, remote control apps, etc.) that could possibly have assisted the defense.

HTH

Zzzzz...

[Frosty Piss]

Maybe someone kan point out the juicy tid-bits. I'm up to page 20, and I'm falling asleep.

Re:

[Quantam]

Ughhh. I'm up to 40 and reading. This is like a Mongolian [wikipedia.org] version of Law and Order.

Re:

[tftp]

Computer forensic "expert" tries to claim he's ignorant of NAT

Not so. He was very careful with his words in presence of a lawyer who has no clue and posesses selective hearing skills. More than once the lawyer tried to put his words into witness's mouth, but the witness resisted, rightly.

Most P2P systems are probably on 192.168.1.0/24 -- why waste precious bandwidth sharing that useless detail?

That's the only IP address they are sure about, and it's a part of the protocol already. The peer will have t

Re:Zzzzz...

[mollymoo]

The part where the ambulance goes by is pretty funny.

At first I thought that was a lawyer-lawyer jibe and he was about to ask if the other lawyer wanted to chase it. But it was almost that good anyway:

MR. GABRIEL: Why don't you wait until the ambulance passes.
MR. BECKERMAN: I don't think we --
MR. GABRIEL: It may take a while.
MR. BECKERMAN: This is New York, Richard. This isn't Denver. We could be here all day.
MR. GABRIEL: Just try to keep your voice up.

Some "expert"!

[Coopjust]

This guy comes to the conclusion that it was the defendant's computer, even though there is no evidence from hard drive forensics, and he says there is no wireless router since the IP was registered to the house.

Also, he kept no records of the forensic analysis, and he is always trying to pin the idea that an IP address is a computer, even though it's obvious he's avoiding or twisting questions, even to someone who isn't so technically inclined.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Some "expert"!

[Coopjust]

He tried very hard not to say that it is always true because it isn't. That is why the lawyer (who clearly doesn't understand internetworking, but had a list of "gothchas") couldn't pin him down to anything.

While you may be right that the alledged KaZaa packets would support that idea, the main problem is that the RIAA expert has *no* way to verify any of his claims.

-He failed to document his forensics- which he believes is not necessary and any other professional would consider "OK". (Riiiight).
-He claims to be an expert on MediaSentry, but doesn't know enough about the program to discuss about potential bugs, the way it works, whether or not it has the ability to be wrong, etc.
-He tries to claim that the evidence proves his case, admits any screenshot can be manipulated, and proceeds to describe how it proves it.
-He admits the forensics, on the entire drive, found *nothing* that would suggest that there were illicit files, much less KaZaa.
-He admits that there was no verification that what Verizon produced was true.

His testimony is full of holes...

Re:Some "expert"!

[tftp]

To me it's crystal clear that they observed someone's Kazaa traffic, but when they snatched the HDD it was some other computer. The reason for that is not some outlandish NAT or Kazaa hack, but simply an IP address confusion (either a true collision, or a wrong DHCP log at Verizon - not that they care.)

Re:Some "expert"!

[NewYorkCountryLawyer]

Exactly. They have no proof who was using the computer or even what computer it was.

I'll go you even one better, they don't even know if the index of song files in the screen shot was on one computer, or represented bits and pieces from a number of different computers (nodes, in KaZaA parlance).

Re:

[Technician]

I think I see a possible show stopper here.. Try this...

Exactly. They have no proof who was using the computer or even what computer it was.

Even better is if they did prove it was the computer. They would have just proven it wasn't running KaZaA. Let me explain;

1 they took an image of the hard drive
2 they did an analysis and said it is not the one they caught with media sentry
3 they have proof of the owner of the account through ISP records
4 the machine was using dial-up.

Correct me if I'm missing somethi

Re:Some "expert"!

[Ungrounded Lightning]

An expert who ignores that there is a subnet mask that gives you a full 4th octet under a single IP either hasn't ever worked with networking, or is not aware of the knowledge they are shelling out to first year students in technical institutes;

The record doesn't show anything like that.

One of the few things he did right was determine that the IP address was assigned to the computer, that NAT wasn't in use. The tool he used does this by extracting and displaying both the "from" IP address on the packet and a copy of the interface's IP address that KaZaA helpfully records in the data part of at least one of the packets of the exchange. This eliminates NAT on routers and wireless access points.

Since the connection was a dialup with a DHCP-assigned dynamic IP address, it would have a single IP address - which eliminates multi-address subnets. The combination of that with "no NAT" eliminates wireless access points and multi-computer home networks. (The computer that dialed up COULD be NATting and forwarding for others, but it WAS the one that ran the KaZaA client.)

But it doesn't eliminate the possibility that the IP was actually assigned to the defendant. There are a lot of ways that could happen. For instance: Maybe the clocks were off between the ISP's logger and the tool that captured the IP address of the "pirate publisher". Maybe the ISP's logs weren't high enough resolution and there was a logon-logoff event. Maybe somebody typoed the IP address somewhere. And a bunch of other possibilities. The MAC address wasn't recorded (or recordable remotely) so they don't have a unique identifier of the computer's wireless card, and even if they did it's possible to hack 'em.

Given that there's no sign of a KaZaA client or music files on the captured hard drive, it seems likely that th identification of the defendant's computer from the ISP's logs and the IP capturing tool output was somehow in error, and they got the wrong victim.

Anyone who knows stuff about court...

[jZnat]

Why is it that Mr. Gabriel is constantly making an objection to form when the judge just keeps denying him with a lack of foundation? Is it a case of throwing enough shit that some will stick?

Re:Anyone who knows stuff about court...

[NewYorkCountryLawyer]

There was no legal basis for making those objections at a deposition. He was just wasting time.

For me to say why he was doing it would be speculation. My guess as to the reason: inexperience.

Re:

[Coopjust]

The other lawyer seemed like a small child; whine if it's something you don't want to hear...I didn't see a single reasonable objection by the prosecution.

Re:

[NewYorkCountryLawyer]

Agreed, based on my 28 years of experience I thought the objections were amateurish.

Re:Anyone who knows stuff about court...

[nudicle]

The lawyer was making those objections because that's how these things work, for better or worse. In these situations, lawyers attend depositions assigned specifically to object to anything remotely objectionable in order to preserve their objections in the future (because otherwise they are lost). If something really damaging happened in one of the answers to an objected question, those lawyers could then bring up the fact that they objected at the time and wouldn't be hosed by failure to preserve the issue. In many cases it's just wasting time, but in the event something goes ill in your deposition, you'll thank your lawyers for so protecting you.

IPV6

[Nom du Keyboard]

There's a spot down in there where the RIAA expert refers to IPV6, and this refers to 2004. That alone should get him laughed out of the tech community.

Not to mention that he maintains he can trace the IP address back to a specific ISP account and computer (emphasis mine). Unless he's a Peeping Tom with a web-cam in the defendant's house, the RIAA should be demanding their money back from him.

Oh, and then there's the place where he maintains that at the time the computer was imaged many months afterwards, that there was no wireless router in use at that time Media Sentry "discovered" this "infringer". Is there a log that keeps records of every IP address you've ever connected with?

And I have to laugh at how he refers to "registered" computers. I thought he was talking about gun registration, or some such thing. I've never heard of my own computer being "registered" to anything. Is this another invented RIAA term, like "Media Distribution System"? Has anyone else ever referred to KaZaA, or any other P2P program, as an MDS? Ray, you can't be letting the RIAA frame the terms of the debate to ignorant Judges.

And don't miss the parts where he says he didn't actually document any of his findings because there was nothing to find, however, you should go through your own copy of the disc to verify my Registry findings that no wireless router was in place. He's supposed to be the expert, and he wants the defense to replicate his findings in the Registry??? Are there any registry experts here? Probably a few, but not many. But he assures us it's there.

Biggest thing is that he says that no KaZaA was present, nor any infringing music files. The only way the RIAA can respond is you sent us the wrong hard drive. No question that the person in question might have actually been innocent. RIAA -- You Bastards!

Glad to know that we helped, Ray! Keep fighting the good fight!

Re:

[NewYorkCountryLawyer]

Thanks, Nom. Yep you picked out some of the many goodies. It was a very fertile outing. I've only had it for a day, and have already cited it in another case [blogspot.com]. Lawyers defending RIAA victims are going to have some fun with it.

Re:

[Quantam]

I gotta say that at least based on probability, I have to go with the RIAA on the matter of whether there was a NAT. The internal/external IP address match is significant; not bullet-proof (it can be spoofed), but probability does suggest that there was no NAT in this instance. Besides that, someone with the knowledge to spoof that would have a reason for doing it; if you can think of a reason somebody would spoof it in that particular way (apart from trying to intentionally incriminate innocent people), fe

Re:

[SmoothTom]

For example, the four computers connected to my Comcast cable IP go through a router who's MAC address claims it is an Apple iMac I haven't had for a number of years, and in fact is probably part of a landfill somewhere...

The reason the router still thinks it's an obsolete iMac is that having the router continue that charade is easier than getting Comcast to regognize a new MAC address, which is needed because my MAC is how they determine I'm not a Comcast customer, but an Earthlink customer via Comcast 'la

and there goes Internet radio

[b3gr33n]

The RIAA lobbyists have been a busy lot. On Friday, they got the Copyright Review Board to grant them a fee based system that will essentially shut down the majority of small Internet Radio stations. Way to go boys. Bring on that corporate commercial media. http://www.radioparadise.com/ [radioparadise.com] http://www.save-internet-radio.com/2007/03/02/save -internet-radio/ [save-internet-radio.com]

Wireless router defense, HDD forensics

[ConfusedSelfHating]

If you have a wireless router, anyone could be sharing files on your network. Even with encryption and MAC filtering, a determined outsider could use your network (they probably would just use one of the "Linksys" SSIDs in the neighborhood instead). The term "war driving" was never brought up, stealing wireless access happens enough to have its own term. Most routers come out of the box without encryption (I don't recall one that does). Non-technical people are just happy their "Internet Explorer works"

Re:

[bendodge]

The Linksys WRT54G does. It has this "Secure Easy Setup" button on the front that trashes your wireless configuration when you press it. (I think you have to connect it to other devices with the same button and then press them all.)

But hey, it's out-of-the-box encryption.

Damn

[Kythe]

I knew Doug Jacobson when I was an engineering student at ISU. He seemed like a decent and knowledgeable guy, very interested in computer security.

I'm very sorry to see he's come to this.

Re:Damn

[NewYorkCountryLawyer]

I think many of his students will be appalled at the actual contents of his testimony.

For example, he teaches a course in "Information Warfare", the entire thrust of which is that the internet is dangerous and insecure in the extreme. He teaches students all about the infinite numbers of vulnerabilities.

Then he testifies that he forms an opinion in 45 minutes based upon some printouts from an investigator who pulled down some screenshots from the internet.... with no verification whatsoever.

And that he's give about 200 such opinions. And so far, 200 out of 200 concluded, without reservation, that there was indeed copyright infringement.

What kind of grade would he issue to a student who handed in work like that?

Re:Damn

[violet16]

I'm not especially techy, but it seems that the general opinion here is much harsher on Jacobson than is really warranted. Obviously most of us here think he's on the wrong side of an important fight, but we need to actually address what he says, not dismiss him because we think he sucks.

The on-topic +5 posts here seem very biased to me. They are insulting towards Jacobsen but fail to identify anything like an actual error in anything he says. The general opinion as to why he's wrong seems to be (a) the RIAA could have faked their screenshots, (b) the application could have been custom-hacked to lie about its private IP address, (c) Jacobson doesn't know exactly how the sniffer technology works. Which is all true. But it's quite unlikely that the RIAA is faking up screenshots so they can accuse completely random people of illegal file sharing, or that the accused custom-hacked their Kazaa client, or that the sniffer tech is totally bogus.

If you're accused of illegal file sharing and you're innocent, I'd imagine plausible reasons why are:
(a) They identified the infringer's IP address correctly but are mistaken in thinking it was assigned to you during the relevant time window; or
(b) The infringement did take place on your IP address but you have an unsecured network (ideally a wireless router) and god knows who did it; or
(c) The infringement did take place on your computer but several people use that and who knows which of them did it.

Unless Verizon screwed up, (a) seems out. And despite what Ray seems hell-bent on establishing, so does (b), given the public IP/private IP match. That strongly suggests it was indeed a single computer with a direct connection to the internet. Now, I know it's not 100% proof. But it seems to be quite likely, and I'd think it certainly sounds plausible to a judge.

Now please correct me if and where I'm wrong! Can we actually find something Jacobson said that's plainly wrong, and not just possibly wrong under unlikely circumstances?

Re:

[NewYorkCountryLawyer]

They're not biased, violet.... They're just pointing out the glaring technical deficiencies and fallacies in Dr. Jacobson's "opinions", and the absence of any proper methodology used by him in arriving at them. I'm not especially techy either, Violet, but this thread is really one for the techies. People like you and I need to step aside and let the tech community vet Dr. Jacobson's "methods". He himself admits he has never published them, or tested them, in any way. We need to let the tech community do its

Re:

[Compholio]

(a) They identified the infringer's IP address correctly but are mistaken in thinking it was assigned to you during the relevant time window; or

This is more complicated than you make it out to be - just because your ISP assigns you an IP address doesn't mean you have to use it. You can very easily spoof someone else's IP, and if you were up to something inappropriate (say, a huge file sharer) you might want to do that. Before you move on and say "but then you can check the MAC address", you can change yo

IP Addresses

[l2718]

Dear Mr. Beckerman, It seems that you misunderstood one point about IP addresses and NATs, which led to a lot of time wasted in the deposition. In a situation where the user's computer hides behind a NAT, it will still have an IP address on the local network (the one on which the user's computer and the NAT reside). The NAT will have two IP addresses (one on the local network and one on the global internet). In this setup, the IP address space on the local network is completely independent of the IP addr

What a joke

[Stevecrox]

After reading that all I can see if the guy evading the question, flat out denying truths, agreeing with them in limited fashions, constantly playing dumb. His investigation methods are borderline incompetent, after reading that huge PDF I could only say he should not be allowed to be a whitness in any case I mean I'm a third year computer engineering student most of my course emphasis has been on networking and hardware rather than this sort of thing but I can see huge holes in his logic.

1.Doesn't verify his sources Beckermans point about "are mediasomethigns and verizons clock synchronised" is a good one espeacially when you consider his point about the nature of IP address's, at the very least he should have requested the lease time of that IP (so when did the subscriber start using the IP and for how long) to verify that the information had a chance of being correct.

2.No set method, the lack of reports and the fact he never made print outs suggests he doesn't have a set method of investigating, which personnally would make me question his investigation techniques this results in a whole list of problems:
2a.means no evidence supporting the defendent was kept, in effect his not impartial and also hurts the defense 2b.suggests he makes it up as he goes along, a "what seems a good idea at the time", as you can clearly see he's missed out on some issues which are important, like confirming the MAC address of the machine and its method of connecting to the internet.

3.Deliberate attempts to twist what hes saying or not sticking to the question an example would be towards the end where he starts talking about IPV4 and finishs with IPV6. I don't know how either works exactly but he should have talked about both seperatly, the use of both at once means he could be dilibertly hiding stuff, when was IPV6 rolled out anyways? Anouther example would be his linking IP address's directly to a PC, no matter how many times Beckerman tried to get him to admit that when accessed through a router the IP address given to the outside world is the routers not the individual PC's. 4.Lack of actual investigation, now I'm not sure what he was exactly hired to do but by the looks of it RIAA hired him to prove and be a whitness to say that a person used Kaza to download and share music. Hes not done that, hes investigated the drive he was sent found no traces of Kaza on it, or any MP3's (I think he indirectly said this) rather than investigate possible explanations for this, for example did the person own two pc's, did they connect to the internet through a router, could this router have been compromised (perhaps unsecured), perhaps then look for security vulnerabilities to see if it was a zombie machine, or for other security problems. Then if he couldn't prove any of that attempt to verify that mediashares information was correct, check it and check verizons and then attempt to co-oberate that information somehow, for example attempt to obtain the MAC address from the hard drive and from mediashares packet information in otherwords to link them up. Otherwise all he can actually claim is that "The pc in question when inspected did not have the Kazaa program on it at any time, nor does it appeared to have or have had the media files that mediasomething accuse the computer of having" His conclusions from his investigation lack any form of imparitality and it appears that he was unwilling to give any real unbiased opinion.

personnaly after reading that disposition I would seriously call into credibility as a expert or even as a whitness. I'm sure better people than I could take apart his disposition its 3am here I'm tired but those are the things that come to my mind at least

Admission he doesn't know whos computer it was

[cojsl]

From p. 88:
Q. But you don't know whose computer it actually was, do you?
A. No.
Q. But your report said it was defendant's computer, so I think you will agree that that's an imprecision in your report.

Objection, your honor!

[violet16]

A few unhelpful observations.

This is my first real-life encounter with a deposition, and I've gotta say it's quite fascinating. I like how the opposing lawyer relentlessly objects to nearly every single question. And how Mr. Beckerman's first goal seems to be to show that the "expert" has a financial interest in what he's been claiming, coupled with that expert's bizarre claims that he doesn't have the foggiest idea about the commercial reality surrounding his work. For example:

A. Our company worked with Audible Magic to develop a product to stop peer-to-peer traffic as identified by Audible Magic's proprietary code.
Q. And you are testifying here today that you have no idea how the RIAA reacted to this work that you are doing?
A. That's correct.
Q. Have the press releases issued by Palisade Systems referred to the RIAA?
MR. GABRIEL: I object to the form.
Lack of foundation.
A. I'm sure that some of our press releases have probably mentioned the RIAA.

I'm not sure how you can have "no idea" whether the RIAA is pleased, furious, or otherwise about the fact that your company is creating anti-P2P products, while being simultaneously "sure" that your company is referring to the RIAA in its press releases to help sell its products.

This is funny, too:

Q. Based upon your examination of the hard drive which you examined, what evidence did you find that inculpated Marie Lindor personally?
MR. GABRIEL: Object to the form.
Lack of foundation.
A. Would you please define the second-to-last word.
Q. "Her"?
A. No, "inculpated." Would you please define that for me.
Q. Do you not know what the word "inculpated" means?
A. That's correct.
Q. Are you familiar with the word "exculpate"?
A. No.
Q. What is your educational background?
A. Computer engineering.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[GodInHell]

Don't you find it odd that you've never taken any courses in Latin, given the two stated fields of study?

No.

Philosophy at many schools no longer involves an intensive study of latin. You read plato in english translation, and do the best you can to avoid looking to deeply into what 'a priori' really means when you reach Kant. As for the law, law students don't have to learn to analyze latin, they memorize a half dozen turns of phrase that they use alot. "inter alia", "infra", "supra", "stare decisis", etc.

Intelectualism is dead.

-GiH
Yeah, first I was a programer, then I was a philosopher. Now I'm in law sc

This testimony fails a basic test for evidence

[grandpa-geek]

IANAL, but I understand that there are standards for admissibility of scientific evidence, and the questions quoted below (and several that follow) cover them. The most recent ruling is called "Daubert."

Whatever this witness has to say based on his methods is useless because the methods have not been generally accepted and/or there are no peer reviews or tests of the methods' accuracy/reliability and no known level of accuracy/reliability.

Q. Has your method of determining from
the MediaSentry materials whether a particular
computer has been used for uploading or downloading
copyrighted works been tested by any testing body?

A. Not that I have submitted.
Q. Do you know anyone else that is using
your method, other than you?
A. Not that I'm aware of.
Q. Has your method of determining
through the MediaSentry materials whether a
particular computer has been used for uploading or
downloading copyrighted works been subjected to any
form of peer review?
A. Not that I'm aware of.
Q. Has your method of determining from
the MediaSentry materials whether a computer has
been used for uploading or downloading copyrighted
works been published?
A. No.
Q. Is there a known rate of error for
your method?
A. No.
Q. Is there a potential rate of error?
MR. GABRIEL: Object to the form.
A. I guess there is always a potential
of an error.
Q. Do you know of a rate of error?
A. To my process, no.

Q. Are there any standards and controls
over what you have done?
A. No.
Q. Have your methods been generally
accepted in the scientific community?
A. The process has not been vetted
through the scientific community.

Re:This testimony fails a basic test for evidence

[NewYorkCountryLawyer]

You are exactly right on that. There are certain standards. And he satisfied exactly none of them.

Standards for Evidence?

[Proudrooster]

Wow! I just finished reading the ASCII transcript and would be embarassed to bring this case. Just looking at the following facts:

• The "expert" did about 45 minutes worth of work and produced no evidence to support the allegations and produced almost no documentation.
• The "expert" does not fully understand how the software that gathered the evidence functions
• The "expert" does not know if the information he received from the ISP (Verizon/3rd Party) is accurate.
• The "expert" does not know if the clocks were synchronized between the evidence gatherers and the ISP.
• The "expert" can not identify which computer is involved in the allegations.
• The "expert" can not identity what physical person is involved in the allegations.
• The "expert" understands the Internet is insecure and computers can be taken over and remote controlled.
• The "expert" understands there are several methods which could have mistakenly identified the accused, e.g. "ip spoofing".
• The "expert" either lied under oath or is not really an expert when he said he could not make certain determinations about a computer based soley on the harddrive. He stated he could not tell if the computer had a "wireless network card" by looking soley at the registry without the computer that the registry came from. Huh???? Hint to the "expert", look for "WLAN" in the Registry, double hint, WLAN='Wireless LAN'.
• The "expert" could not demonstrate that the files uploaded/downloaded were copyrighted material and simply had a screen shot of some filenames and ip addresses from a 3rd party.
• The "expert" acknowledged that screenshots could be faked.
• The "expert" acknowledged that public IP addresses can change often and could be spoofed

This entire case hinges on screenshots, mystery analysis software "encase", a questionable expert, and an IP address obtained from an ISP. The evidence in this case doesn't even make it to the standard of "hearsay" not to mention the fact that the plaintiff lawyer appears to be highly inexperienced with Turets syndrome and keeps blurting "Objection to form."

I suspect that if one were to dig deeper into the so-called evidence, one would learn that information obtained from Verizon is prone to error, and that the procedures for generating the screenshots from KaZaa are based on assumptions which are prone to error and probably performed by monkeys. I want to read the deposition from the "dude/monkey" who took the screenshots, please post that one next.

If I were the lawyer for the defendant, I would already be filing my motion for dismissal "with prejudice" with the award of reasonable lawyer fees for having brought a case without any evidence.

Are there any standards for evidence? Is a printout obtained via supoena really a standard for evidence? If so, I can prove anything you like and as a bonus, I even have a professional certification. :)

Re:

[debrain]

The evidence in this case doesn't even make it to the standard of "hearsay" not to mention the fact that the plaintiff lawyer appears to be highly inexperienced with Turets syndrome and keeps blurting "Objection to form."

It's late, and it's been a while since I've done this stuff, so I imagine someone else can do this better, but there's no post up yet.

Rules of evidence (no reference to policy, just rules). Law often works in layers, for example, something likeso:
- General rule: Everything relevant is admi

Re:

[NewYorkCountryLawyer]

Under Federal Rules of Evidence and applicable caselaw expert testimony is admissible only if it meets certain standards. Dr. Jacobson's testimony meets none of those standards and will not be admissible.

Common error on NATed routers

[macemoneta]

There seems to be a common misconception, that I noted in the testimony, that you have to use one of the reserved IP address ranges on the LAN side of a NATed router. In fact, you can use any address at all (I do). The only downside to this practice is if you eventually have to move the NATed host(s) to the WAN side, they need to be re-addressed - and of course, that only applies to hosts with statically assigned IPs.

In other words, by looking at the IP address contained in the payload, there's no way to tell that it was behind a NAT router or not simply because the IP address was not in a reserved range.

Secondarily, since the computer interface IP address is in the packet payload, that is data that is being sent by an application. The application (whatever it was that was communicating with the P2P network) may:

- lie. It could be a hacked version of a P2P standard application,
- allow user configuration of the IP address in the payload (if I remember correctly, some seem to),
- be broken. I assume all versions of all applications that communicate on the indicated P2P network were not vetted for their proper functioning.

Well... if NewYorkCountryLawyer reads this...

[Creepy Crawler]

I've seen Kazaa mess up our DSL connection quite a few times. Now, did we use Kazaa? Nope. (we prefered WinMX and irc, but thats beside the point :-D).

When a user gets on Kazaa, the Kazaa network perpetuates that External IP address through their network. Your external_IP is linked to your kazaa_username. Now, when people search and get your kazaa_username, they hit that IP address. All is fine and good... until you are knocked off of DSL or your dhcp timer is up.

Then, you reconnect using a new external_IP. Now, you have many users on Kazaa that know your username goes to either your old IP or your new IP.

The network trashing occurs to the person who inhabits your OLD external_IP. You see a LOT of bandwidth from users and Kazaa network towards your new IP address. We had a 768/384 Kb connection, and 200 Kb was ate up with garbage from Kazaa from the previous IP inhabitor. This number of garbage connections approaches 0Kb, but never meets it.

Perhaps they detected a residual connection like that.

NAT discussion wasn't thorough enough

[wrook]

Well, I can feel for the defending lawyer, but the NAT discussion didn't quite succeed IMHO. The expert claims that the fact that the Kazaa packet had the public IP address means that the computer wasn't behind NAT. But the lawyer counters with a paper describing how Kazaa (since version 2.0) uses a technique to determine it's public IP address in order to get around certain NAT problems.

This should have been the killer point. I completely trashes the expert's claim of expertness on the protocol. However, the wording was just too confusing for most people to really understand. I'm not a lawyer so I'm not quite sure what could have been done better, but if possible I certainly wouldn't leave it like this.

In fact, I'd be surprised if Kazaa would operate at all behind NAT if it couldn't determine it's public IP address (although I admit that I don't know why the IP address is there if not to tell other nodes how to route replies). A good question would have been "Have you ever seen anything other than a public IP address
in a Kazaa packet?"

If there is another opportunity it would be a good idea to nail this point home. Really, if the expert can't understand how a p2p program defeats NAT by discovering it's public IP address, then he isn't much of an expert. And if you show that having the public IP in the Kazaa packet does *not* mean it was installed on the computer containing the NIC assigned the address, then really they have no information at all...

Re:

[evilviper]

In fact, I'd be surprised if Kazaa would operate at all behind NAT if it couldn't determine it's public IP address (although I admit that I don't know why the IP address is there if not to tell other nodes how to route replies).

(For the record: I don't know Kazaa... I know Gnutella)

P2P programs work fine behind a firewall/NAT, without public IP addresses, and without forwarded ports. The ONLY problem is when BOTH nodes are behind a firewall/NAT. And even there, there is a workaround that can be employed

Re:

[Sangui5]

And even there, there is a workaround that can be employed with the use of a 3rd party that doesn't block incoming connections (though I haven't heard of any P2P protocols currently use this method in the wild).

Skype (which, coincidentally, was written by the same people who wrote Kazaa) uses some of those workarounds to punch through NAT firewalls. I do not know if Kazaa uses them, but the authors of Kazaa could have certainly done so.

The point of all this being, you can share files, without accepting

Funny transcript misunderstanding

[XaXXon]

Embarassingly far down in the document, there's a funny "hear-o"

A. A search on KaZaA can "prop you will gate" from one supernode to another.

I'm guessing he said "propogate"..

A few thoughts from an IT geek

[bbernard]

I see a couple of potentially significant details that got left out here, or that, after reading the deposition, I missed in other people's comments. (Disclaimer: I have no certifications, nor am I a lawyer, so there is no more validity to my comments than those of the RIAA's expert)

1. There seemed to be an assumption that the only type of wireless access point in use must be a router or NAT device. There is no basis for that assumption. A wireless access point need not act as a router or as a NAT device. It could merely change wireline Ethernet to 802.11 physical layers. In that way, an "unauthorized" wireless connection could get the DHCP address provided directly by the ISP, and connect with that IP.

2. I'm not sure how far down the distinction I would go with the cable modem vs. DSL argument. In some cases, connection via DSL requires PPP tunneling software install/configuration on the actual computer. That argument could actually more closely tie the defendant's computer to the records captured. That can be circumvented by configuring the PPP tunnel on a router/firewall/NAT device, allowing the computer to be left unmolested. However, on general principles, Verizon also offers a cellular modem option for connecting to the Internet. That's at least 3 "broadband" methods of connecting.

3. I really appreciated the thrust of the the questions that looked to establish if there was any evidence that directly tied the actions of the defendant as an individual person, to the actual act of file sharing from that IP address. Can those questions be repeated for "yes or no" answers in court? Could the RIAA shift their argument to suggest that the defendant, as "owner" of that Internet connection is responsible for the use of that connection? I believe that holds for companies and corporations does it also for individuals?

4. My goodness, the "clarification" questions from the expert's lawyer (RIAA/Plaintiff's lawyer?) were entertaining. There are industry recognized certifications for computer security and forensics personnel. GIAC comes to mind. Perhaps they have some documented standards of forensics that might be appropriate for refuting this "expert's" claims that his methods were reasonable and would be accepted by other professionals in the industry. Just from talking to the IT Security department within my own company I get the impression they'd document their investigation of a single virus on one computer more carefully than this guy did with a legal case.

All of that said, I'd like to pass on a big THANK YOU to NewYorkCountyLawyer and the other lawyers involved for the defendant for actually fighting this one. I have this dream that the defendant winning a lawsuit like this will open the floodgates and pave the way for not only ending this tactic, but to provide the fodder for a slew of suits against the RIAA that eventually bankrupts the cartel and serves notice to the MPAA, etc. that this kind of crap just won't fly, and DRM will suddenly go away, and the heavens will open, and...OK, but a guy can dream, can't he?

Re:

[Nom du Keyboard]

Seriously, I had never heard of that word either. It was kind of lame that the lawyer spent so much time drilling him on it.

Don't agree with you at all. After being beaten to death with the word "exculpate" in the Duke Rape Case coverage, as well as enough television lawyer shows, "inculpate" should hardly be unfamiliar to anyone with even a passing interest in the law -- and concept of how words are formed in the English language. There were, IMHO, other more amusing lawyer language in the deposition t

Re:

[GoMMiX]

Yes, to you it may seem odd. However, as a juror I would most certainly be questioning this persons educational background. This guy has a Ph.D., and teaches at a well recognized university - he uses his profession and education to qualify himself as an expert. Showing he lacks in a general area of study moves to discredit him as an expert witness.

It's nothing groundbreaking, and doesn't prove anything about him as a CS expert, but in general it makes him look bad. And if the lawyer were really lucky, he w

lie #2 ignores sharing of router and PC IP address

[Anonymous Coward]

From pages 65 and 66:

10 A. This tells me that there was -- yes.
11 There was no router.
12 Q. How does it tell you that there was
13 no router?
14 A. Through the two --
15 If you look at the second chunk down,
16 you will see the source address at the top and you
17 will see the KaZaA IP address midway through that,
18 and they match and they are both public IP
19 addresses.
20 Q. You said they match?
21 A. Uh-huh. The 141.155.57.198.
22 Q. That's the source?
23 A. And then down below you see the KaZaA
24 IP?
25 Q. Yes.
2

Re:Expert Witness?

[NewYorkCountryLawyer]

He's submitted sworn reports... around 200 of them. But no defendant's lawyer has ever brought him to a deposition before this.

Re:

[Dachannien]

It could also be distressingly misleading if, for example, file sharing was taking place on that IP address when it was assigned to someone else, and shortly thereafter, the computer being examined had received that IP address and successfully re-requested it every time after that.

Re:so sad

[Anomolous Cowturd]

I stopped stealing music when I found out you could just copy it!

Re:

[mamer-retrogamer]

Perhaps you should go back to stealing. It'll cost you less (jail) time and money if you get caught shoplifting a physical CD than if you are accused of making an unauthorized copy of it.

Re:

[Husgaard]

write a simple program that given some basic parameters generates a ton of "evidence"

A web site that generates faked "evidence" of filesharing with a name and an IP of your choosing exists in Sweden [piratbyran.org].