Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Education Government Media Music The Courts Your Rights Online News

MIT Releases Subpoenaed Student's Info 84

An anonymous reader submits: "MIT has released the name of the alleged infringer whose information was subpoenaed by the RIAA. The student's position? He was (1) not in the country at the time of the infringement, (2) he does not own a computer, and (3) he is not, and has never been, associated with the username in question (crazyface@KaZaA). MIT initially opposed the subpeona, but the RIAA refiled with the proper court."
This discussion has been archived. No new comments can be posted.

MIT Releases Subpoenaed Student's Info

Comments Filter:
  • .. the RIAA settle this one for $2000.

  • by strider415 ( 28205 ) on Wednesday September 10, 2003 @08:35AM (#6920503)
    Yeah right..

    • MIT and no computer? Yeah right.

      Keep in mind how they measure things when they don't have a measuring device [astrian.net]. Who says they aren't equally creative when it comes to computing things with out a computing device?

      -- MarkusQ

      P.S. That's what my wife (an MIT grad) claims to be doing sometimes when she stares off into space. Since the result often conflicts with my pet theory of the moment, I'm not sure how accurate the process is though.

    • by Anonymous Coward
      Hey, I didn't have one for most of my time at MIT. There are computer clusters everywhere - not too much need to have one in your room.

      And I was course 6 (EECS).
      • When was that? Before they wired all the dorms with ethernet? You mentioned clusters so I am guessing you were there after they moved the computer center out of building 39 and into the builidng fishbowl on the infinete corridor and the Athena cluster in the SCC.

        I think MIT when downhill after students were not encouraged to sleep in the SCC library.

    • There are ridiculous amounts of public computer clusters (well, accessable with an MIT account) all over campus, including in the dormitories. Everywhere you turn there is either a Quickstation for checking e-mail (using Sunblades to do so, no less...talk about overkill). The main cluster in the Student Center must have at least 150 to 200 systems, including Sunblades and new Dell PCs running Linux.

      It is very, very easy to make it through MIT without your own computer.
    • Most computer science majors I knew at MIT ('96-'00) didn't have a computer, and yet most business majors (myself included) had the latest ThinkPads. Though come to think of it, the underpowered Sun workstations in the clusters were plenty powerful enough to gcc comp-sci projects, while business majors needed powerful notebooks for their wizzy Powerpoint 2000 presentations.

      I'd say the situation was "ironic" but I'm afraid someone will correct me...

    • Actually, it's a lot easier at a place like MIT to get by without a machine of your own, because they're all over the place. I go to a respectably wired university, and I haven't bothered getting a laptop because there are labs everywhere, and many of the classrooms even have computers. My box probably gets rather lonely, as I spend a lot of my time in labs (like now) ostensibly doing classwork.

      On another note, his story is perfectly believable. We have MAC address registration at my university as well,
  • Er...Dude... (Score:3, Interesting)

    by Oddly_Drac ( 625066 ) on Wednesday September 10, 2003 @08:36AM (#6920513)
    "For example, you might have registered a machine, and given that machine, sold that machine to another MIT student," Bruce said. "Unless that person goes to inordinate lengths to re-register the machine, it's still going to have your registration."

    This is getting beyond a joke. The 'registration' talked about is the @Kazaa, as far as I can see, and you can change that in seconds

    This gets even sillier if they mean the IP.

    • Re:Er...Dude... (Score:5, Informative)

      by jtev ( 133871 ) on Wednesday September 10, 2003 @08:40AM (#6920556) Journal
      No, it's about registering the MAC address to get an IP address with MIT. the KaZaA registration is a totaly different issue. It was the owner of the IP address that was subpeonaed, and he was out of the country.
      • "No, it's about registering the MAC address to get an IP address with MIT. the KaZaA registration is a totaly different issue."

        Thanks. I'll be spending the rest of today digging egg out of my assorted facial orifices.

      • OK-

        Big question -

        There are hardware devices (personal firewalls) that allow you to CHANGE the broadcasted MAC address on the fly. If I installed one of those in my dorm at MIT, and kept changing and re-registering my new MAC addresses, I would have, theoretically, obtained multiple IP addresses also. Or, better yet, I could just change my broadcasted MAC address to one that I know is already registered. Viola - I'm now "using someone else's computer" without physically doing so.
        • Unless their machine is currently plugged in somewhere else, then you get MAC conflicts. Ugliness ensues.
        • Re:Er...Dude... (Score:4, Interesting)

          by dougmc ( 70836 ) <dougmc+slashdot@frenzied.us> on Wednesday September 10, 2003 @11:13AM (#6922219) Homepage
          There are hardware devices (personal firewalls) that allow you to CHANGE the broadcasted MAC address on the fly.
          You don't need a personal firewall to do this. You can do it with many (most? all?) ethernet cards as well.

          I would have, theoretically, obtained multiple IP addresses
          Except that the system requires you to `log in' with each new MAC address ...

          Or, better yet, I could just change my broadcasted MAC address to one that I know is already registered.
          That would certainly do it.

          So, are MAC addresses about to become as `sensitive' as social sercurity numbers? (of course, just like your SSN, your MAC address is broadcast with every packet you send out, at least to the first router :) )

          • that's ridiculous- any organization of any small size is going to have everything behind NAT, so nobody is going to be doing any MAC-address *anything*
            • Re:Er...Dude... (Score:3, Interesting)

              by dougmc ( 70836 )

              any organization of any small size is going to have everything behind NAT

              So, do you consider MIT to be an organization of any small size? I'm not aware of any schools that put their dorms behind a NAT. I haven't been paying attention lately, but it used to be that A&M was the only large school that even put their dorms behind a firewall (and it wasn't a NAT)!

              Or an ISP? AOL is the only ISP of any size that I'm aware of that puts it's customers behind a NAT.

              so nobody is going to be doing any

              • Hmmm- so every MIT-Dorm computer is directly accessible from a public IP?

                I don't really know the answer to that question but I'm guessing it's "no"

                My point being that any organization larger than a fe people is likely to have a firewall doing NAT-
                Meaning that *only* the orginization itself will be able to see mac addresses and be able to tie them to individual users.

                Contrast to "no nat", and the ISP would be able to see thse things.
                • Hmmm- so every MIT-Dorm computer is directly accessible from a public IP? I don't really know the answer to that question but I'm guessing it's "no"

                  I'm not familiar with MIT specifically, but most universites *are* set up that way.

                  My point being that any organization larger than a fe people is likely to have a firewall doing NAT-

                  Incorrect. Businesses usually put their users behind a NAT, but ISPs rarely do, and schools rarely do as well. End users do not want usually want to be behind a NAT --

            • A managed switch registers MAC-addresses.
              A DHCP server knows MAC-addresses.
              Almost anything behind the NAT has ready access to the MAC-addresses.

              Anybody who actually knows anything about this stuff could expound further.
          • If the RIAA would just sue more people, more consistantly, this would be a great way to screw over evil people in ones dorm!
    • No apparently at MIT when you bring in a new MAC address when you try to use the web you are automatically redirected to a registration page.
      Apparently the ip address of the infinger was the MAC address that got registered as this guy. He says he may have borrowed someones computer but doesn't remember (He probably does but is trying to cover I bet if stuck with being sued he'll probably tell).
      • Apparently the ip address of the infinger was the MAC address that got registered as this guy. He says he may have borrowed someones computer but doesn't remember (He probably does but is trying to cover I bet if stuck with being sued he'll probably tell).

        Only if he's weak/doesn't have a good lawyer.
        I'm not in USA, but I would guess that he can't be prosecuted for poor memory. The RIAA would have to prove he can remember and then sub-poena him for the name of the dude he borrowed the PC from.
        If he didn't
  • Twisted (Score:3, Informative)

    by 4of12 ( 97621 ) on Wednesday September 10, 2003 @09:06AM (#6920785) Homepage Journal

    Sounds like the guy in question had unofficially let someone else use his computer, account, etc.

    I kind of like the idea of RIAA making a big fuss and pursuing legal action and then turning out to be wrong.

    It helps shine a light on their gestapo tactics.

    It may not slow them down too much, but the publicity helps to make them look like ravenous wolves out to get "whoever".

    That kind of PR will erode their support from government.

    • Re:Twisted (Score:5, Informative)

      by rjw57 ( 532004 ) <richwareham@nOspam.users.sourceforge.net> on Wednesday September 10, 2003 @09:46AM (#6921183) Homepage Journal
      Sounds like the guy in question had unofficially let someone else use his computer, account, etc.

      Not quite. From what I can gather MIT have a system whereby as soon as a un-recognised MAC-address hits the network, the machine is DHCP-d a temporary IP and a all web-traffic is relocated to a registration page.

      On this page, a valid MIT id and password is entered then the temporary IP becomes 'attached' to that MAC address with the MIT id used stored in a DB somewhere.

      Hence just having an IP registered to a particular user is just an indication that that guy/guyess was the first to use the machine, not that its theirs or that they even have an account on it.

      In fact, if all MIT students registered their machines under a common id (e.g. riaasuckmyballs) then there would suddenly seem to be one big pirate there :)

      The system as it stands will probably just match an IP to a person who once used the machine in question.

      • I suspect that MIT has a clause in their AUP stating that you're not to let others utilize your machine and that you are responsible for anything that any other person may do with the resources you've been assigned. The RIAA can trot that out and it will probably convince a judge or jury that the someone else was using my account defense is invalid. As I see it, the only real option in this case is to try to show that you were hax0red (in essence that whoever used KaZaa on that system had no permission to

        • I don't see the logic there - the RIAA can't sue a guy for breaking MIT's AUP.
          • he didn't even have to break MIT's aup.

            as the system works just so that every new mac address to get activated one has to enter user/pass once for that mac.

            of course, this doesn't sound like a very good system to me, as you can quite easily end up completely lost on who is using it actually. heck, somebody could be reselling pre-activated cards, or have some driver that allowed changing of mac and go through dozens or just use one he knew to work, but that wasn't in the same segment..

            here they'll know pr
            • Proxies won't matter; the RIAA will simply go after the proxy operator. A strong legal argument could be easily made that the operator of the proxy is responsible for all traffic relayed by the proxy.

              As to Freenet, that's what the RIAA wants. If they make it so that it takes a day to get a song, the casual users will disappear.

              • Re:Twisted (Score:3, Informative)

                by gl4ss ( 559668 )
                as to freenet, it's main problem is the lack of users, and the public notion that it sucks because it is slow, things like frost and fuqid have made inserting files a lot easier.

                all the popular top ten hits would get very well spread i would say, even now you can get selected mp3's at ~10-30kbyte/s easily from freenet, i guess much faster if you run a permanent node with a big datastore(heck, run a big enough datastore and the chances are that those pop songs are in your store mostly already and you'll get
              • A strong legal argument could be easily made that the operator of the proxy is responsible for all traffic relayed by the proxy.

                Really? Then I hope no drug dealers get busted in front of my house, on the sidewalk I am legally obligated to maintain.

          • Among other things, bringing the violation of a contract into the court (it is germane to the case as the violation is admitted to as part of the defense) would be used to reflect on the character of the defendant. It would also be used to demonstrate that the defendant can't in good faith use that defense.

            • Except he was out of the country.
              • That still doesn't change the fact that he violated the AUP by allowing someone else to use resources owned by or registered to) him.

                • Re:Twisted (Score:3, Insightful)

                  by amcguinn ( 549297 )
                  And that doesn't change the fact that the RIAA isn't suing him for violating MIT's AUP.

                  If he's got an alibi, then he didn't infringe the plaintiff's copyright. If they say "but you must have broken the AUP!", he can say "I guess I must have, but I didn't download those files."

                  If MIT then want to have a go at him for breaking the AUP, that's fine, but I imagine they're not in the habit of suing their students.

                • Except he may not have done that. Using someone else's computer is unlikely to be a violation of the AUP, and that appears to have been sufficient to "register" that computer to the defendant in MIT's database (bad idea). What the computer owner does before and after is not under the control of the person who happened to be borrowing it, and cannot be their responsibility in any moral or even legal sense; they would have to at least have had knowledge of the act.

                  MIT would probably have handled this best by

        • I suspect that MIT has a clause in their AUP stating that you're not to let others utilize your machine and that you are responsible for anything that any other person may do with the resources you've been assigned. ,/I>

          MIT may have this, but it's more than likely not legal.

          Good example, your car... I am not responsible for the damages you cause if I loan it to you and you crash into a gas station. Now, I will have to prove to the cops that it wasn't me driving if you hit and run, but beyond that,
          • IANAL, but you're quite wrong about that. In Illinois at least, and I believe most of the US, you are often responsible for things someone does when you loan them a car.

            If some extremely unpredictable act happens your insurance will be liable before theirs, if your insurance covers that person driving (most do) In that way you're being fiscally responsible.

            More importantly, if the plaintiff can show that you knew or should have known they were a poor driver, you then can be liable for having put a weapo
      • It seems this would be an MIT mistake, not an RIAA mistake. I would assume the subpoena was for the person using the IP address x.x.x.x at X day and time. I am assuming MIT uses some kind of proxy server or NAT (something where every computer doesn't have a routable IP that the RIAA could get). MIT looked at their records and gave them a bogus name, because their tracking system sucks and is bogus. This says less about the RIAAs method of tracking and more about MITs method of tracking.
        • MIT has an entire class A block. They have no need to use NAT or private addresses.
        • Not true. Most of the time, a certain group or building gets the block 18.y.x.z (where y is fixed). The static IPs usually get a certain amount of that (e.g. x = 0-8) and the DHCP server gives out IPs out of another block (e.g. x = 9-12). In my dorm (I'm a course 18 undergrad), for example, the statics come out of x = 0 or 1, and the dynamics come out of x = 5 or 6. (this is sort of sick, given that my dorm has only 93 residents).

          Sometimes, if a "community" computer needs renewing, or if you're using i
  • Bound to happen (Score:5, Insightful)

    by redelm ( 54142 ) on Wednesday September 10, 2003 @09:07AM (#6920794) Homepage
    With the RIAAs gill-net fishing technique, they're bound to catch some innocents.

    The real question is how long this sort of trawling will be allowed. The student could get the case dismissed on summary judgement, and the RIAA seriously admonished about bringing frivolous lawsuits.

  • aha! (Score:5, Funny)

    by Joe the Lesser ( 533425 ) on Wednesday September 10, 2003 @09:09AM (#6920806) Homepage Journal
    "In particular, on June 27, at the time of the alleged infringement, I was in Romania."

    So that means he's actually under the authority of the Romanian Industry and Art Association right?
    • Re:aha! (Score:1, Funny)

      by Anonymous Coward
      Informative? How the fuck is this possibly informative? Funny, yes, but fucking not informative.
  • by narratorDan ( 137402 ) <narratordan@gmail.com> on Wednesday September 10, 2003 @09:17AM (#6920891)
    The problem with using the MAC address is that it can be changed or covered up, and since this is MIT how many folks do you think now how to change it?

    And according to the article, he was out of town (way out, like Romania) and therefor could not be the person who set up the computer. Since he can prove that he was out of the US I don't think that he will have to make any deals to save his ass.

    NarratorDan
  • His name was Claudiu Prisnel.
    His name was Claudiu Prisnel.
  • A Setup?? (Score:3, Interesting)

    by bluesangria ( 140909 ) on Wednesday September 10, 2003 @12:06PM (#6922593)
    What happens if the student does win this case? Doesn't that mean that the method the RIAA uses to subpoena users comes into question? Is this something MIT planned (maybe just a little) knowing that courts cannot hold accountable a person who has a solid alibi?? After all, even a civil lawsuit has to show the person was responsible for copyright infringement. Just wondering....
    • i doubt it means much of anything if the student wins, except that the student doesn't have to pay. the flaw isn't so much in the RIAA's methods as with MIT's ability to track a user down based on the information they had.

      i suppose that could mean MIT has to face legal trouble for record-keeping negligence, but since some ISPs offer lack of records as a privacy service, i imagine not.

      i'm not a lawyer, but don't get your hopes up that a loss here would mean anything big or in any way stop or slow the RIAA
  • by LastToKnow ( 449735 ) on Wednesday September 10, 2003 @12:30PM (#6922792) Homepage
    "Lets sue some little girl with no money! Oops, maybe that wasn't such a hot idea. I know, I know! Lets get some student who doesn't have a computer at all! That'll learn 'em!"
  • A modest proposal (Score:3, Interesting)

    by rworne ( 538610 ) on Wednesday September 10, 2003 @02:33PM (#6923981) Homepage
    What we have here is the same need to swap identifying info that those who are members of grocery-store "club cards" are doing:

    Get a bunch of fellow college students together (the more, the merrier) and organize a group buy of a bunch of NICs.

    Everyone registers their NIC with the university, and then swap the cards amongst yourselves in a double-blind fashion. When questioned about it later, just call it an administrative screw-up or just say you sold the card to another university student and you no longer remember who it is.

    If this activity is rampant enough, we can regain anonymity on college campus networks.
    • I like your idea, except for the fact that you run a high risk of getting subpoenaed for something you didn't do. And you will probably not have such a good alibi. While the dust clears, your life might be a pretty ugly turmoil.

      Every time you share on a P2P network, RIAA kills a kitten.
      Please think of the kittens.


      Oh, but I do.
      I hate kittens.
  • Capture some Kazaa usernames, perform a tracert to follow the usernames traffic back to it's origin so they can shotgun subpoena the the infringers?

    Hey Martha - Get out the Nachos. This s**t's gonna be /REAL/ finger pointing comedy as soon as they hit a company that's using one of those simpleminded ISP "gateway" routers with NAT & DHCP!

    RIAA: {looks at list of IP #'s) There's the Perp's PC with IP Address we're looking for! Seize it!

    Company: Nope, that's just a Dos Print Server.

    RIAA: {looks at list
    • I'm an officer in a student computing organization at a major american university. We have a netblock (/26) that we partially administer, and we were forwarded a complaint from the security dude here made by the BSA about a copy of Norton AV... on an IP address that had not been in any use at all for several months, and which had a barely-used VMS VAX before that, certainly not a common target for breakins and warez.

      These organizations really do sometimes have bad information.
  • scheduling files (Score:2, Insightful)

    by Gryftir ( 161058 )
    Technically it is possible to schedule files to download while you aren't at your computer.

    The MIT student could have scheduled the files to download at a certain time, though I'm not aware of a specific program that does this.

    Of course it would be damn hard to prove that he did so, especially if they haven't gotten a chance to look at the computer.
  • It is possible (Score:3, Informative)

    by ScottyB ( 13347 ) on Wednesday September 10, 2003 @10:38PM (#6927639)
    MIT's IP numbers in living groups (like fraternities, where the guy revealed lived) are assigned typically by a network admin at the house who registers the person's machine on the network.

    It is very possible, especially over the summer, for one of the temporary residents (females from other schools typically at the fraternities) to just pick an IP from the block assigned to the house and end up looking like the user who originally registered the IP. There are no network checks to verify a MAC address unless you are using DHCP.

    And if you registered a computer you borrowed under your account with DHCP, unless you specifically unregister it someone else could continue using the computer even though it's IP entries are registered to you (I even don't know how to do that on MIT's network, and I go to school there).

    So, long story short, this guy's claims are very possible, especially if he has people that back up his claim that he borrowed the computer. If this guy really was in Romania, I imagine someone else actually committed the infringement, but those records would be impossible to find since you don't have to log in with your MIT account every time you use MIT's Internet access.
  • by scosol ( 127202 ) on Wednesday September 10, 2003 @11:19PM (#6927813) Homepage
    The RIAA is suing people who are *sharing* files, not *downloading* files.

    Get that through your head.

    It's entirely conceivable that this guy left Kazaa running while going away to Romania, with all his stuff shared.
    I dunno- that's kinda how the shit works when you've got a permanent connection.
    To give back, you leave the stuff running even while you're not there.
    • There are 2 things wrong with what you said though. First, he claims that he doesn't own a computer. Granted, that could be total BS, but I believe him. Second, you can download files from Kazaa WITHOUT sharing anything. Simply set the download directory to a directory you are not sharing, and make sure that you are not share ANY directories.
    • It's entirely conceivable that this guy left Kazaa running while going away to Romania, with all his stuff shared.

      With what computer? RTFA: "Prisnel says he has never owned a computer in the United States, a fact to which 20 other students signed a statement attesting on his behalf."

      • MIT student doesnt have a computer... right.

        Myabe he doesnt "own" it.
        Maybe he rented it, leased it, or maybe it's "owned" by his parents, and he just uses it while at school.
        I don't fucking know- the point of my post is that just because hes away in romania doesnt mean he couldnt have been sharing files.
    • Except that he doesn't own a PC. If he did that with someone else's PC then it's that person's problem, not his. As an analogy, if I let a friend borrow my car and he forgets to put on the parking brake and it rolls into somebody's front window, I am responsible since it was my car. (If you don't believe this, then realize that the insurance YOU pay for is what covers accidents when you let someone driver YOUR car -- in other words, the car is your responsibility.)
  • The RIAA is not out there suing people for the $. Neither are they doing it to stop the people the people they are suing from sharing. They cannot sue all 30 million people that share, but what they do accomplish is scaring people into not sharing. When most of my laymen friends heard that "people are getting sued", they did not care that it was 300 people out of 30 million, they took down their files because they could get sued next. As a matter of fact, I don't know anyone but myself at the moment that

"The only way for a reporter to look at a politician is down." -- H.L. Mencken

Working...