RIAA's 'Expert' Witness Testimony Now Online

NewYorkCountryLawyer writes "The online community now has an opportunity to see the fruits of its labor. Back in December, the Slashdot ('What Questions Would You Ask an RIAA Expert?') and Groklaw ('Another Lawyer Would Like to Pick Your Brain, Please') communities were asked for their input on possible questions to pose to the RIAA's 'expert'. Dr. Doug Jacobson of Iowa State University, was scheduled to be deposed in February in UMG v. Lindor, for the first time in any RIAA case. Ms. Lindor's lawyers were flooded with about 1400 responses. The deposition of Dr. Jacobson went forward on February 23, 2007, and the transcript is now available online (pdf) (ascii). Ray Beckerman, one of Ms. Lindor's attorneys, had this comment: 'We are deeply grateful to the community for reviewing our request, for giving us thoughts and ideas, and for reviewing other readers' responses. Now I ask the tech community to review this all-important transcript, and bear witness to the shoddy investigation and junk science upon which the RIAA has based its litigation war against the people. The computer scientists among you will be astounded that the RIAA has been permitted to burden our court system with cases based upon such arrant and careless nonsense.'"

One quick thought about licensure

I saw something in the transcript that I wanted to point out before anyone else here criticizes Jacobson on it:

Q. By what body are you certified as an engineer?
A. By no professional society.
Q. No professional society? Is there any organization that has certified you as an engineer?
A. No.
Q. Are you part of any peer regulatory body?
A. I don't quite understand what you mean by --
Q. Are you part of any body the members of which are peer-regulated?
A. Can you give me an example of what you are --
Q. A lawyer, an architect, an accountant. I thought an engineer had to be certified by a peer-regulated body.
A. To be called a professional engineer they do.
Q. So are you not a professional engineer?
A. I do not have a PE license.

Based on his Jacobson's research page [iastate.edu]. It looks like Jacob's, a professor "on the faculty of Electrical and Computer Engineering", is a computer engineer. Given that, the above statement is totally understandable As a computer engineer myself, I can say that it is *EXTREMELY* rare for a computer engineer to be a licensed PE. (Not a single computer engineering professor in my University is). PE's are common in engineering professions where somebody needs to sign off on the final product - civil engineering especially, and mechanical engineering to a lesser extent.

Re:One quick thought about licensure

I'm a Computer Engineer and a Professional Engineer. If I testify in legal proceedings, I am required to adhere to specific professional standards. My certifying body takes our legal obligations fairly seriously. A customer would be wise to hire properly licensed engineers for matters involving legal responsibility and/or large contracts. Amongst other requirements, licensed engineering firms require liability insurance, so if things go bad, the customer has some recourse. We also have ethical standards constraining what we can say or do.

Re:One quick thought about licensure

I would expect my licensing body would get annoyed with me if I spent "45 minutes" (Page 54) drafting a report that was used as part of litigation. They expect that Professional Engineers check our facts so as not to mislead a jury. This avoids sequences of questions like that from Page 42, where the witness essentially admits:

a) he did not look for alternative explanations,

b) he did not check how accurate his findings were (potential rate of error),

c) he has no standards or controls,

d) he is not using published methods accepted by the scientific community, and

e) has no way of determining if the information given to him was correct.

It is considered a substantial problem if a Professional Engineer misleads a jury, as it can pervert justice. As such, it is very important for the legal duties be taken seriously and with the required standards of care.

Re:One quick thought about licensure

As a computer engineer myself, I can say that it is *EXTREMELY* rare for a computer engineer to be a licensed PE.

Way off-topic, but programming desperately needs the kind of accountability and professionalism that 'real' engineering has. We're around where engineering was 100 years ago just now, with a hundred different screw threads and steam engines which explode in your face. 'software engineering' may be an academic discipline, but 'professional' (in their execution) software engineers are few and far between and professionally engineered software is rarer still. The lawyer is making a valid point.

Before you ask, I am a professional (it's my job) programmer. I'd love to be an engineer. I'd love to work somewhere where those kind of standards were applied. I'd get a CS degree (mine is in Physics), but those programmers I've worked with who have CS degrees don't seem much more engineer-like in their application than those without. Too much hacking, not enough engineering. Perhaps civil engineers would be the same if every bridge had "this bridge comes with no warranty, either express or implied" written into the contract.

Re:One quick thought about licensure

As far as licensing, one of the turning points happened when a school in Texas blew up as a result of faulty engineering. Public outcry caused them to pass the strictest engineering accountability standards in the nation. (IANAL - if you are are not an NSPE licensed engineer, but your business card calls you an engineer, and you happen to be passing through Texas, DO NOT put your business card in any of those put-your-business-card-in-here-to-win-something fishbowls. I've been told people have been prosecuted for this under the licensing laws)

The FE Exam

I'm currently studying for the spring Fundamentals of Engineering exam (FE). After taking this exam and working in the field of engineering for 5 years, you can take the Professional Engineering (PE) exam. Its not the easiest test in the world, and its a big pain in the arse. That said, I think a computer science student would have a particularly hard time with it. The morning session (general) is composed of several subjects including chemistry, strengths of materials, physics, thermodynamics, fluid mechanics, a small ethics session, etc. Basically all engineering knowledge known up to 1935, updated to the modern day. Everyone has to take the general session, and I think Comp sci students would struggle with it.

The afternoon session is a choice between mechanical, electrical, civil, (chemical?) engineering. I think maybe comp sci students could take the electrical and do fairly well on this half. The PE exams are very similar (identical?) to the FE exams, but it has been 5 years since you have been in a classroom so they are considered harder just for this reason.

As for the term "Computer Engineer"; in the 1800s a group of very smart men began doing different things with Natural Philosophy. They were so different that they thought they needed a new title for what they did to separate themselves from the natural philosophers. Eventually they went with the title "scientists". Perhaps a new title is needed for "computer engineers" because it doesn't seem to fit very well.

Re:One quick thought about licensure

Because he is not a professional engineer, there is nothing really keeping him from being a talking head in court. On the witness stand, he could be totally honest and forthcoming, or he could totally sell out the the RIAA and say whatever they wanted him to say. The only thing at stake is his reputation, if he is later discredited. However, a professional engineer would lose their license if they were shown to have acted fraudulently or negligently, and thus their career, profession, and ability to make a living.

It's fine to give a professor the benefit of the doubt when you attend his/her lecture. Doing so in a courtroom seems an act of extreme naivety.

Here's something to question...

15 Q. Does a MAC address tell you if a
16 device is wired or wireless?
17 A. If you can see the MAC address of the
18 transmitting device you could see whether that
19 device was wired or wireless.

This is flat-out wrong. Yes, you CAN find the OUI [wikipedia.org] that might well give you enough information to find out who made the hardware. The problem is that you can change the whole damn MAC address. Conveniently, Wikipedia even has instructions on how to change your MAC [wikipedia.org] on many OSes, although there's an illustrated guide on changing your MAC [nthelp.com], elsewhere.

This guy may know a bit of programming, but this kind of stuff makes it pretty clear to me that he has no idea how people can and do manipulate information. It's pretty clear to me that he's done little more than investigate only those things which might support their case and has completely ignored anything which might cast doubt upon it.

Respect

Respect to you Ray.
I've seen you take a lot of flack for your efforts to keep us all abreast of the proceedings, of issues that should concern us all.
And it's nice to see that the community could have been of help.
All the best.

Re:Respect

Thank you, light.

(You don't mind if I call you by your first name, do you?)

Re:Respect

It doesn't mean a thing. In a deposition it's a totally inappropriate objection. And there was probably not a single instance in which it would have been an appropriate objection at trial.

At a trial "lack of foundation" means the lawyer's question has leapfrogged over some other material that would have been needed ... i.e. laying a foundation.

But since I would only be crossexamining this guy, lack of foundation would not have been an appropriate objection to my questions there either.

I.e., the RIAA lawyer, hopefully out of inexperience rather than calculated dilatoriness, was wasting our precious time.

Some "expert"!

This guy comes to the conclusion that it was the defendant's computer, even though there is no evidence from hard drive forensics, and he says there is no wireless router since the IP was registered to the house.

Also, he kept no records of the forensic analysis, and he is always trying to pin the idea that an IP address is a computer, even though it's obvious he's avoiding or twisting questions, even to someone who isn't so technically inclined.

Re:Some "expert"!

To me it's crystal clear that they observed someone's Kazaa traffic, but when they snatched the HDD it was some other computer. The reason for that is not some outlandish NAT or Kazaa hack, but simply an IP address confusion (either a true collision, or a wrong DHCP log at Verizon - not that they care.)

Re:Some "expert"!

Exactly. They have no proof who was using the computer or even what computer it was.

I'll go you even one better, they don't even know if the index of song files in the screen shot was on one computer, or represented bits and pieces from a number of different computers (nodes, in KaZaA parlance).

Re:Some "expert"!

He tried very hard not to say that it is always true because it isn't. That is why the lawyer (who clearly doesn't understand internetworking, but had a list of "gothchas") couldn't pin him down to anything.

While you may be right that the alledged KaZaa packets would support that idea, the main problem is that the RIAA expert has *no* way to verify any of his claims.

-He failed to document his forensics- which he believes is not necessary and any other professional would consider "OK". (Riiiight).
-He claims to be an expert on MediaSentry, but doesn't know enough about the program to discuss about potential bugs, the way it works, whether or not it has the ability to be wrong, etc.
-He tries to claim that the evidence proves his case, admits any screenshot can be manipulated, and proceeds to describe how it proves it.
-He admits the forensics, on the entire drive, found *nothing* that would suggest that there were illicit files, much less KaZaa.
-He admits that there was no verification that what Verizon produced was true.

His testimony is full of holes...

IPV6

There's a spot down in there where the RIAA expert refers to IPV6, and this refers to 2004. That alone should get him laughed out of the tech community.

Not to mention that he maintains he can trace the IP address back to a specific ISP account and computer (emphasis mine). Unless he's a Peeping Tom with a web-cam in the defendant's house, the RIAA should be demanding their money back from him.

Oh, and then there's the place where he maintains that at the time the computer was imaged many months afterwards, that there was no wireless router in use at that time Media Sentry "discovered" this "infringer". Is there a log that keeps records of every IP address you've ever connected with?

And I have to laugh at how he refers to "registered" computers. I thought he was talking about gun registration, or some such thing. I've never heard of my own computer being "registered" to anything. Is this another invented RIAA term, like "Media Distribution System"? Has anyone else ever referred to KaZaA, or any other P2P program, as an MDS? Ray, you can't be letting the RIAA frame the terms of the debate to ignorant Judges.

And don't miss the parts where he says he didn't actually document any of his findings because there was nothing to find, however, you should go through your own copy of the disc to verify my Registry findings that no wireless router was in place. He's supposed to be the expert, and he wants the defense to replicate his findings in the Registry??? Are there any registry experts here? Probably a few, but not many. But he assures us it's there.

Biggest thing is that he says that no KaZaA was present, nor any infringing music files. The only way the RIAA can respond is you sent us the wrong hard drive. No question that the person in question might have actually been innocent. RIAA -- You Bastards!

Glad to know that we helped, Ray! Keep fighting the good fight!

Objection, your honor!

A few unhelpful observations.

This is my first real-life encounter with a deposition, and I've gotta say it's quite fascinating. I like how the opposing lawyer relentlessly objects to nearly every single question. And how Mr. Beckerman's first goal seems to be to show that the "expert" has a financial interest in what he's been claiming, coupled with that expert's bizarre claims that he doesn't have the foggiest idea about the commercial reality surrounding his work. For example:

A. Our company worked with Audible Magic to develop a product to stop peer-to-peer traffic as identified by Audible Magic's proprietary code.
Q. And you are testifying here today that you have no idea how the RIAA reacted to this work that you are doing?
A. That's correct.
Q. Have the press releases issued by Palisade Systems referred to the RIAA?
MR. GABRIEL: I object to the form.
Lack of foundation.
A. I'm sure that some of our press releases have probably mentioned the RIAA.

I'm not sure how you can have "no idea" whether the RIAA is pleased, furious, or otherwise about the fact that your company is creating anti-P2P products, while being simultaneously "sure" that your company is referring to the RIAA in its press releases to help sell its products.

This is funny, too:

Q. Based upon your examination of the hard drive which you examined, what evidence did you find that inculpated Marie Lindor personally?
MR. GABRIEL: Object to the form.
Lack of foundation.
A. Would you please define the second-to-last word.
Q. "Her"?
A. No, "inculpated." Would you please define that for me.
Q. Do you not know what the word "inculpated" means?
A. That's correct.
Q. Are you familiar with the word "exculpate"?
A. No.
Q. What is your educational background?
A. Computer engineering.

This testimony fails a basic test for evidence

IANAL, but I understand that there are standards for admissibility of scientific evidence, and the questions quoted below (and several that follow) cover them. The most recent ruling is called "Daubert."

Whatever this witness has to say based on his methods is useless because the methods have not been generally accepted and/or there are no peer reviews or tests of the methods' accuracy/reliability and no known level of accuracy/reliability.

Q. Has your method of determining from
the MediaSentry materials whether a particular
computer has been used for uploading or downloading
copyrighted works been tested by any testing body?

A. Not that I have submitted.
Q. Do you know anyone else that is using
your method, other than you?
A. Not that I'm aware of.
Q. Has your method of determining
through the MediaSentry materials whether a
particular computer has been used for uploading or
downloading copyrighted works been subjected to any
form of peer review?
A. Not that I'm aware of.
Q. Has your method of determining from
the MediaSentry materials whether a computer has
been used for uploading or downloading copyrighted
works been published?
A. No.
Q. Is there a known rate of error for
your method?
A. No.
Q. Is there a potential rate of error?
MR. GABRIEL: Object to the form.
A. I guess there is always a potential
of an error.
Q. Do you know of a rate of error?
A. To my process, no.

Q. Are there any standards and controls
over what you have done?
A. No.
Q. Have your methods been generally
accepted in the scientific community?
A. The process has not been vetted
through the scientific community.

Standards for Evidence?

Wow! I just finished reading the ASCII transcript and would be embarassed to bring this case. Just looking at the following facts:

• The "expert" did about 45 minutes worth of work and produced no evidence to support the allegations and produced almost no documentation.
• The "expert" does not fully understand how the software that gathered the evidence functions
• The "expert" does not know if the information he received from the ISP (Verizon/3rd Party) is accurate.
• The "expert" does not know if the clocks were synchronized between the evidence gatherers and the ISP.
• The "expert" can not identify which computer is involved in the allegations.
• The "expert" can not identity what physical person is involved in the allegations.
• The "expert" understands the Internet is insecure and computers can be taken over and remote controlled.
• The "expert" understands there are several methods which could have mistakenly identified the accused, e.g. "ip spoofing".
• The "expert" either lied under oath or is not really an expert when he said he could not make certain determinations about a computer based soley on the harddrive. He stated he could not tell if the computer had a "wireless network card" by looking soley at the registry without the computer that the registry came from. Huh???? Hint to the "expert", look for "WLAN" in the Registry, double hint, WLAN='Wireless LAN'.
• The "expert" could not demonstrate that the files uploaded/downloaded were copyrighted material and simply had a screen shot of some filenames and ip addresses from a 3rd party.
• The "expert" acknowledged that screenshots could be faked.
• The "expert" acknowledged that public IP addresses can change often and could be spoofed

This entire case hinges on screenshots, mystery analysis software "encase", a questionable expert, and an IP address obtained from an ISP. The evidence in this case doesn't even make it to the standard of "hearsay" not to mention the fact that the plaintiff lawyer appears to be highly inexperienced with Turets syndrome and keeps blurting "Objection to form."

I suspect that if one were to dig deeper into the so-called evidence, one would learn that information obtained from Verizon is prone to error, and that the procedures for generating the screenshots from KaZaa are based on assumptions which are prone to error and probably performed by monkeys. I want to read the deposition from the "dude/monkey" who took the screenshots, please post that one next.

If I were the lawyer for the defendant, I would already be filing my motion for dismissal "with prejudice" with the award of reasonable lawyer fees for having brought a case without any evidence.

Are there any standards for evidence? Is a printout obtained via supoena really a standard for evidence? If so, I can prove anything you like and as a bonus, I even have a professional certification. :)

Re:Anyone who knows stuff about court...

There was no legal basis for making those objections at a deposition. He was just wasting time.

For me to say why he was doing it would be speculation. My guess as to the reason: inexperience.

Re:Anyone who knows stuff about court...

The lawyer was making those objections because that's how these things work, for better or worse. In these situations, lawyers attend depositions assigned specifically to object to anything remotely objectionable in order to preserve their objections in the future (because otherwise they are lost). If something really damaging happened in one of the answers to an objected question, those lawyers could then bring up the fact that they objected at the time and wouldn't be hosed by failure to preserve the issue. In many cases it's just wasting time, but in the event something goes ill in your deposition, you'll thank your lawyers for so protecting you.

Re:Not Chappelle too!

This is not an option nigger, share the file or we have a problem.

Re:Damn

I think many of his students will be appalled at the actual contents of his testimony.

For example, he teaches a course in "Information Warfare", the entire thrust of which is that the internet is dangerous and insecure in the extreme. He teaches students all about the infinite numbers of vulnerabilities.

Then he testifies that he forms an opinion in 45 minutes based upon some printouts from an investigator who pulled down some screenshots from the internet.... with no verification whatsoever.

And that he's give about 200 such opinions. And so far, 200 out of 200 concluded, without reservation, that there was indeed copyright infringement.

What kind of grade would he issue to a student who handed in work like that?

Re:Expert Witness?

He's submitted sworn reports... around 200 of them. But no defendant's lawyer has ever brought him to a deposition before this.

Re:Zzzzz...

The part where the ambulance goes by is pretty funny.

At first I thought that was a lawyer-lawyer jibe and he was about to ask if the other lawyer wanted to chase it. But it was almost that good anyway:

MR. GABRIEL: Why don't you wait until the ambulance passes.
MR. BECKERMAN: I don't think we --
MR. GABRIEL: It may take a while.
MR. BECKERMAN: This is New York, Richard. This isn't Denver. We could be here all day.
MR. GABRIEL: Just try to keep your voice up.