Judge Orders Piracy Trial To Test IP Address Evidence

another random user sends word of a case in Pennsylvania District Court in which Judge Michael Baylson has ordered a trial to resolve the issue of whether an IP address can identify a particular person. The plaintiff, Malibu Media, has filed 349 lawsuits against groups of alleged infringers, arguing that getting subscriber information from an ISP based on an IP address that participated in file-sharing was suitable for identification purposes. A motion filed by the defendants in this case explains "how computer-based technology would allow non-subscribers to access a particular IP address," leading Judge Baylson to rule that a trial is "necessary to find the truth." "The Bellwether trial will be the first time that actual evidence against alleged BitTorrent infringers is tested in court. This is relevant because the main piece of evidence the copyright holders have is an IP-address, which by itself doesn't identify a person but merely a connection. ... Considering what's at stake, it would be no surprise if parties such as the Electronic Frontier Foundation (EFF) are willing to join in. They are known to get involved in crucial copyright troll cases, siding with the defendants. We asked the group for a comment, but have yet to receive a response. On the other side, Malibu Media may get help from other copyright holders who are engaged in mass-BitTorrent lawsuits. A ruling against the copyright holder may severely obstruct the thus far lucrative settlement business model, meaning that millions of dollars are at stake for these companies. Without a doubt, the trial is expected to set an important precedent for the future of mass-BitTorrent lawsuits in the U.S. One to watch for sure."

Responsibility?

[i_ate_god]

An IP address will identify a connection, that someone is responsible for.

There is plenty of cases of Person A committing a crime or getting into an accident, using something from Person B, and Person B getting into trouble as a result.

Re:IPs parallel the discoverable world

[eqisow]

People can share IP addresses, but only twins share DNA?

Re:IPs parallel the discoverable world

[bonehead]

From the comfort of my living room I can connect to no fewer than 6 access points that don't belong to me. 2 more if I wanted to take 5 minutes to crack a few WEP passwords. If I had a mind to I could use them to download movies, music. If I really wanted to cause trouble there are plenty of worse things I could do.

There would be absolutely no way to trace that activity back to me, and the people taking the blame would be guilty of no other crime than not understanding how networks operate.

Spoofing another person's DNA would be *slightly* more challenging.

Re:IPs parallel the discoverable world

[Anonymous Coward]

Your DNA can get nearly anywhere very easily. If you get unlucky, you could be framed for a crime or at least it will appear that you did the crime.

DNA isn't as accurate as some make it out to be.

It can help.

[TheLink]

An IP address can _help_ positively identify a person.
It can definitely negatively identify a person - if the public IP is different it wasn't you doing it (assuming you weren't using that public IP :) ).

If the download was made by the IP of your internet connection at that time, then it's evidence that something using your connection was doing the downloading. If they find other corroborating evidence that it's you - e.g. the downloaded file is on your computer, in your personal folders, shows up in your download history, the computer is not normally shared, there's no malware or remote control software, then it's likely to be downloaded by you.

But an IP sure isn't sufficient alone in itself. The **AA probably want it to be like a car license plate in certain countries - where if a camera takes a picture of a car breaking a traffic speed limit, that has the same plate as your car, looks like your car, then they expect you to either pay the (usually smaller) fine or identify the person responsible so that they can do it. Or challenge it in court and pay the full fine.

However in this case they want huge fines and the fines to go to them ;).

Re:IPs parallel the discoverable world

[neonmonk]

Yes you can. You can easily 'hijack' DNA from someone and plant it at the scene of your crime. Hair clippings, skin flakes, spit. You could even use it to commit the crime if you so desired, but you'll need a fair bit of hair to choke a full grown man. Could be fun though.

Re:Responsibility?

[Riceballsan]

Really when it comes to cars, generally the way they cover themselves, is by knowing who is using their cars at all times. Lets say hypothetically a rental car was used in a crime, anything from a getaway car for a bank robbery, to running a red light with cameras. The police contact the rental car company and ask who was driving the car with the license plate at 7:30PM on monday. The rental car company shows their copy of the ID, the form of payment they took, etc... and the police move on to look for the actual crook. Forced entry into a car, the police will likely look at as a stolen car and whatever the crime is. A loaned car, they will probably ask you who you loaned it to and analyze it. Of course open wifi, is more akin to leaving the car on the street, door open keys in the ignition, that could be negligence. IMO it's a grey area depending on how the wifi was breached, but that's where it opens up the can of worms, wifi cracking usually leaves no trace. Distinguishing, open wifi, secured wifi used by authorized users, and broken secure wifi, is where the case lies, and IMO should be required to file the suit. IMO the RIAA should have to send a goon to the location, determine if there is wifi, if there is then determine if it is open. If the location has no or closed wifi, have to work with local police and have the police obtain a search warrent, and actually prove the files are on a machine in said house. The batch lawsuits of gathering 10,000+ IPs at a time and suing them all requiring the defendants to prove their innocence is an abomination to due process.

Now whether the laws should even exist in the first place, is a whole other matter. IMO no, but that is off the subject, the discussion isn't on whether the law is right or not, but on whether just sniffing trackers for IP addresses, is enough to fairly judge someone guilty. My view on that is absofrickinlutely not.

Re:Responsibility?

[Anonymous Coward]

The Internet is meant to be open and free. You clearly oppose that because you believe that it's easier to adopt a Tough On Crime mentality than to do some actual police work. It's much easier to just throw your arms up and say "I don't know who did this, so we're punishing you!" than to accept that you can't get all the 'bad guys'.

If you intentionally leave your wifi open, and someone uses that connection to commit a real crime with real consequences, then why should you, the owner of the router, not take some responsibility for it?

If normal people can't get away with it, businesses shouldn't be able to, either.

Re:Responsibility?

[foniksonik]

So if I leave my car unlocked or even my keys in my car and someone comes along and uses it to rob a bank I should be partially responsible?

Doesn't pass the smell test.

If you swap out car for tank and robbing a bank for rampaging through San Diego then it looks more like criminal negligence.

I'm thinking a misdemeanor at most for leaving a wifi connection open. That's still stretching it.

Re:IPs parallel the discoverable world

[LordLimecat]

ARP records are flushed periodically, and arent really meant for logging. Theyre stored in RAM in basically every OS AFAIK, and would be lost on reboot. ARP records would NOT contain your computer name-- only IP and mac-- but thats not even foolproof. While the MAC address of a NIC can be tedious to alter, it is absolutely trivial to poison an arp cache so that bogus information appears in the cache.

The idea that ARP caches have been used to bust people I find rather hard to believe, since ARP is a layer 2 protocol and would not be leaked when sending ie a death threat to the president-- once those packets hit your router, the layer 2 information is stripped out and rewritten with the router's own info, which is then stripped and rewritten at the next hop. Only layer 3 information survives, and only until it hits a NATting router at which point that, too, is stripped.

Cases where people are busted tend to involve ISPs who can pull up logs of who owned what public IP, and that then leads to a warrant which allows a physical search, leading to incriminating evidence on the home computer. But in the absence of such evidence, there would be no way from a network standpoint to prove whether the owner of that connection had actually committed the crime in question.

Yes, the 4th amendment still applies, but that doesnt mean a warrant cannot be issues. The 4th amendment specifically lays out circumstances in which your "right to be secure in person, houses, papers, and effects" may be violated.

Re:IPs parallel the discoverable world

[girlintraining]

ARP records would NOT contain your computer name

*facepalm* I also mentioned the DHCP lease data, which would. You missed that.

The idea that ARP caches have been used to bust people I find rather hard to believe, since...

Since you can't imagine a death threat being sent and then the secret service not showing up ASAP? You think they just sit around going "hmm, should we deal with this now, or after tea and crumpets?" No -- their response time is in hours. It's a job requirement that their sense of humor be surgically removed. The ARP data will likely still be in RAM, and yes, you crack open the device, and then remove the ram (or hook clips up to the debugging ports, etc., while it is powered on), chill it, and transfer it to a reader device to extract its contents. This is not theoretical: This has been proven, the people who wrote TrueCrypt describe this particular attack in great detail in their disclaimers and limitations documentation.

And yes, there are workarounds, there are always workarounds... But are dozens of things you need to do to cover your trail, and each of those things that you do reduce the pool of potential suspects. As well, you aren't considering the other evidence that may be available -- a witness to your car being parked outside a few hours before the guys with shotguns showing up, for example. The home security camera on the neighbor's house you didn't notice. The ANPR system of the gas station you drove by on the way to the street you parked outside of. The list goes on.

Only layer 3 information survives, and only until it hits a NATting router at which point that, too, is stripped.

Yes, congratulations, you have a basic understanding of protocols. But you apparently don't understand implimentation of them in hardware, software, and firmware very well, and you're even worse at looking at the total system -- which includes things like statistical analysis, looking at words and speech patterns, timing delays in the data, other data your computer may accidentally chirp (like windows update, which sends a GUID). There's a hundred ways they can hang you -- and you only need to screwup once. Even NAT leaves traces in memory -- All it requires is a single missed ACK during the close of a TCP session, or sending any UDP data, and the state table data may remain there for minutes, hours, even days. Many NAT implimentations in firmware have problems with memory leaks caused by faulty code. Guess what's in the leak?

Cases where people are busted tend to involve ISPs who can pull up logs of who owned what public IP, and that then leads to a warrant which allows a physical search, leading to incriminating evidence on the home computer. But in the absence of such evidence...

All ISPs are required by law to store that data; They have had to for years. Also, the government has been consolidating existing wiretapping efforts into a supermassive data center intended to store detailed and comprehensive records of all communications on the internet domestically. They don't necessarily need the ISP's assistance -- though it may speed up the execution of a search warrant.

Yes, the 4th amendment still applies, but that doesnt mean a warrant cannot be issues. The 4th amendment specifically lays out circumstances in which your "right to be secure in person, houses, papers, and effects" may be violated.

You made a terroristic threat. Maybe you missed the memo, but since 9/11, all you need to do is mention the word 'terrorist' and you have no civil rights. They're detaining people in Guantanamo and elsewhere in the world without trial or charges being brought against them. A guy who merely accidentally bumped into the President spent several months in jail without a trial just last year. A government that has spent many trillions of dollars and bankrupted itself to protect against terrorism is not going to be held up by some internet critic's interpretation of the fourth amendment. The word "unreasonable" will be made to be amazingly elastic if you decide to attempt the aforementioned crime.

Re:IPs parallel the discoverable world

[Sun]

The DNA tests are fine. The problem is that too many people watch CSI and don't know what statistics mean.

While 100% accurate, the problem is that part of these "too many people" are the police, the judges and jury.

What private company? And nobody has asserted that it matches a unique person,

Ahem ahem ahem.

I'm sorry, I was caught by a sudden cough. Do continue...

but that it's a 99.something% match. Run that through a database containing everyone on the planet, and you get a few million positive hits, all but one an error. But that's great reliability. If you run it against the top 10 suspects, then you have better than a 99% chance it's the one that you got the match on. That's enough for a conviction, in most cases.

Yes, I completely agree. Unfortunately, while you show much clue in the field of statistics, you show very little clue in the field of human behavior.

DNA is routinely used, not to narrow down the suspects pool, but in order to find the suspect to begin with. That is why DNA databases are so lucrative for law enforcement. Quite often, a finger gets pointed at someone because police already had his DNA for an unrelated reason. As I'm sure you understand, this kind of use is precisely the kind where GP's concerns are justified.

Shachar

Re:Responsibility?

[bzipitidoo]

Your analogies are poor. An open suitcase full of money? Data is not like money. Money is scarce, data isn't. That's one way in which your analogy breaks down.

While the court's question is of some technical interest, it is mostly beside the point. Often an IP address can be connected to an account. Whether the use of an account on a particular occasion can be definitely tied to a person is more of a problem. Some would love to sidestep that latter question by just making the account holder liable regardless. Which means we would all be burdened with the job of policing our own Internet connections. It's no trivial matter. Have you thought about how big a burden such a requirement would impose on us all? It wouldn't stop with Internet access. For example, if you buy a few acres in the country somewhere, you would at the least have to set up surveillance to catch any criminals who happen to trespass on your property, even if the crime they're committing has nothing to do with you. Don't be so eager to ask for that kind of responsibility.

But as I said, that's all a side issue. The main issue here is whether sharing should be criminalized so that copyright can maybe function. Would that make copyright work? We already know the answer to that one: No. Even if it did enable copyright to function as intended, do we want this? In other words, is copyright a bigger public good than sharing? Again, no.

Re:Responsibility?

[shentino]

Saying "I don't give a shit who did it, it came from your internet" is a powerful motivator for people to clamp down out of fear.

And that suits the authorities just fine. They don't want upstart outspoken free speech yahoos providing TOR exit nodes anyway. They WANT you to help them censor things, and if they can make you do it by holding you responsible for other people's crimes just because they borrowed your internet to do it they will.

And learn your place you dirty fucking peasant...because businesses are in charge and they get things you don't. So suck it up.

I am of course being sarcastic on the last one, but cracking down on people that only provided the internet connection is not entirely based on ignorance. Many don't care, and are happy to force you to do their work for them.

Re:IPs parallel the discoverable world

[Anonymous Coward]

You can use it to help you identify the miscreant. Its just not definitive on all cases, everywhere, all the time which is what some companies would like the courts to believe.

Re:Responsibility?

[Hatta]

You assume wifi can only be used for ill. Leaving your wifi open is on the whole a public service. You will help more people than will be harmed by bad behavior. You shouldn't even get a ticket, you should get an award for leaving your wifi open.

Re:IPs parallel the discoverable world

[eth1]

In fact, if a person wanted to be really nasty about it, the following would be trivial to do:

1.) I passively monitor your WLAN in the evening.
2.) In the morning you leave for work, taking your laptop with you.
3.) I assign YOUR mac address to my pc and go about my illicit business.

You mean while I'm at work with said laptop with a lot of witnesses and firewall logs proving that I wasn't connected to the house? That would seem to be an even better indication that there was some funny business going on.