Judge: No Privacy Expectations For Data On P2P Networks

An anonymous reader writes "A federal judge in Vermont has denied a motion to suppress evidence filed by three defendants in a child porn case. The three had alleged their Fourth Amendment rights were violated when police used an automated P2P query-response tool to gather information from their computers. That information subsequently led to their arrest and indictments. The judge held (PDF) that the defendants had either inadvertently, or otherwise, made the information available for public download on a P2P network and therefore couldn't assert any privacy claims over the data."

well, of course

[turkeydance]

nothing has ever been private on the internets.

but.....

[BreakBad]

my privates have been on the internet.

Re:

[Anonymous Coward]

my privates have been on the internet.

From this day forth you shall refer to them as your publics.

Re:well, of course

[Anonymous Coward]

Especially on a P2P network like Gnutella where you can do search by keywords and then directly view what people have on their computers. It's like hanging a poster in your living room of a child being abused and someone walking by seeing it. They made the materials available for the public to see. I hope more people who are into sick stuff like that make the mistake of having the files publically visible. Especially p2p users since given the nature of p2p they can also be slapped with a distribution charge which will add years to their sentence.

Re:

[g0bshiTe]

I say keep em out of jail, castration is a much nicer option, it also will eventually breed those traits that cause it out of the gene pool.

Re:

[EdIII]

That's assuming that it's genetic and not environmental.

Re:

[amiga3D]

You make the assumption this is genetic. If sexual proclivities were genetic then homosexuality would much rarer.

Re:well, of course

[Runaway1956]

"2) Going down the eugenics and forced sterilization route is a slippery slope straight to hell. Look at what we used to do in the 1930s. It's the stuff of nightmares."

Sorry - I have to disagree.

By that logic, all firearms should be outlawed, because some firearms have been used to commit crimes. A LOT of people will latch onto that, and clamor for stricter gun control - but the logic doesn't stop there. Since some automobiles have been used to commit murder, then all automobiles should be outlawed. Knives have been used to murder, so all knives should be outlawed. Rocks have been used to commit murder, blah blah blah.

Horrible things have been done, in the name of science, and specifically eugenics. Does that necessarily mean that any studies into eugenics is evil? I say, "Not only NO, but HELL NO!"

While I will readily admit that eugenics can be pretty damned scary, it has the POTENTIAL of weeding out a lot of hereditary diseases and conditions. If scientists announced tomorrow that they could screen for cystic fibrosis, with greater than 99% confidence, and abort the fetus early in the first trimester, would you object to that? Or, even better for those who oppose abortion for any reason: Mother could take a prenatal supplement that would guarantee that she couldn't conceive a child subject to cystic fibrosis. She simply rejects any sperm. Yes, I'm pulling this out of my ass, it's entirely from dreamland - but IF it were possible, would you object?

How 'bout if we could prevent elephantiasis, or mongoloids, or any number of deformities and conditions? Would you object to weeding out alcoholism?

Eugenics isn't evil in and of itself. I feel that we have a responsibility to take reasonable actions to make future generations healthier. Or, smarter. Or stronger.

Forced sterilization? If we got so far along that we could screen for all the many conditions that make people's lives so miserable, sterilization wouldn't be a necessity. Instead, Mother can pick and choose traits, simply rejecting any and all number of undesirable traits.

"Available for public download" - AT&T and Wee

[sideslash]

So when AT&T made their iPhone subscriber list "available for public download" that implicitly gave people on the internet permission to access this private information? Oh wait, they sentenced Weev to jail time for that [slashdot.org]. I'm so confused.

And no, I'm not defending child porn users. Well, I guess I sort of am. But not... Darn it, you guys know what I mean.

Re:"Available for public download" - AT&T and

[NettiWelho]

Silly peasant, aristocracy have their own set of laws and courts.

Re:"Available for public download" - AT&T and

[Jah-Wren Ryel]

And no, I'm not defending child porn users. Well, I guess I sort of am. But not... Darn it, you guys know what I mean.

Kiddie porn pirates are not the problem, the problem are all the people involved in the production. If you believe the MAFIAA's rhetoric the pirates are the solution since they are destroying the jobs of all the hard-working people in the kiddie porn industry.

Re:"Available for public download" - AT&T and

[NettiWelho]

If you believe the MAFIAA's rhetoric the pirates are the solution since they are destroying the jobs of all the hard-working people in the kiddie porn industry.

I was gonna say the same but couldnt come up with a way of saying "think of the children and download kiddie porn" without it coming across the wrong way.

Re:"Available for public download" - AT&T and

[Jah-Wren Ryel]

I was gonna say the same but couldnt come up with a way of saying "think of the children and download kiddie porn" without it coming across the wrong way.

I think the take-away here is that the MPAA and RIAA are steadfast in their support of kiddie porn producers.

Re:

[noh8rz10]

How many kids got abused because pedos had their impulses inflamed by porn? And found a welcoming community of like-minded people to offer support, encouragement and advice? I think you're looking at this wrong.

Re:

[Cederic]

No, he's asking a valid question. You're asking the equally valid one that needs to be answered at the same time.

Don't stop asking the questions. That way lies tyranny.

Re:

[noh8rz10]

I think the notion that CP somehow extinguishes a fire in a pedo, preventing harm, is groundless. It goes against common sense and 60+ years of pr0n research. Extraordinary claims require extraordinary proof. my claim is reasonable and rooted in the common human experience. it is prima facae true.

Re:

[mendax]

I wonder how many of children are spared of abuse because the pervs had their impulses shunned by porn.

Not many I suspect. All the porn does is stoke the fires of the perversion. It's a kind of addiction, a progressive disease, not unlike alcoholism. Use of the porn leads will lead to an actual victim at some point if the porn user lives long enough and gets the opportunity.

Re:

[cheekyjohnson]

Use of the porn leads will lead to an actual victim at some point if the porn user lives long enough and gets the opportunity.

I can spew forth unprovable, nonsensical statements, too. Must I?

Re:

[TapeCutter]

Video games don't cause people to be violent, nor do they cause them to be peaceful.

Re:

[91degrees]

It would potentially mean it could be used as evidence against people without a search warrant. It certainly mean it could be used as evidence against AT&T if it showed evidence of a crime since they were the ones who made the mistake.

Re:

[thoromyr]

Shame I don't have mod points (they just expired). Please mod parent up.

Re:

[DaveV1.0]

I don't think you understand what Auernheimer did. The database wasn't "available for public download" It was exposed due to poor design and poor security. This is directly counter to purpose of P2P software which is to make accessible files and/or information on one's computer.

Re:

[Hatta]

The database wasn't "available for public download"

It most certaily was. Because the public did download it.

This is directly counter to purpose of P2P software which is to make accessible files and/or information on one's computer.

And what is the purpose of a web server?

Re:

[onyxruby]

Are you even aware of the particulars of the script kiddie attack that Weev did to get that data? It wasn't published in any kind of manner where you could get it without prompting for it.

By your logic just because someone has something on a web server they are sharing it with everyone. Let me guess, you think credit cards and health records are fair game too?

Re:

[DaveV1.0]

This. Apparently Hatta doesn't understand what what Auernheimer did as well.

Re:

[Hatta]

Are you even aware of the particulars of the script kiddie attack that Weev did to get that data?

Weev wrote a script. In this case the police used "an automated P2P query-response tool". What's the difference?

By your logic just because someone has something on a web server they are sharing it with everyone

If you fail to put any authentication on it, then yes. How else is the web supposed to function?

Let me guess, you think credit cards and health records are fair game too?

If you post your credit card num

Re:

[onyxruby]

I would love to see you try say that to a judge in a court of law with a straight face.

Re:

[geekoid]

WeeV's script was a spoof to gain access.

"If you fail to put any authentication on it, then yes. How else is the web supposed to function?"
AT&Ts site DID have authentication. WeeV wrote a script to lie about who he was. i.e. spoof.

"If you post your credit card number on a public website, then yes it's totally fair game for me to download that information. Using that information to commit fraud is still illegal of course."

Only if by public you mean anyone can openly connect by design, then you are corre

Re:

[Hatta]

AT&Ts site DID have authentication.

Authentication is something you know, have, or are [cornell.edu]

All approaches for human authentication rely on at least one of the following:

Something you know (eg. a password). This is the most common kind of authentication used for humans. We use passwords every day to access our systems. Unfortunately, something that you know can become something you just forgot. And if you write it down, then other people might find it.

Re:

[bws111]

You seem confused on the differences between access and authorization. The question in the AT&T case was about authorization. Was the guy authorized to access the things he did? Clearly he could access the data, but was he authorized to do so? If you have my bank credentials you have access to my account, but you do not have authorization to do anything with the account. Yes, you have the ability to do things, but that is nowhere near the same as being authorized.

In cases like that the courts will

Re:

[Hatta]

In cases like that the courts will use a 'reasonable person' test.

I don't see how any reasonable person can determine that a publicly facing web server without any sort of authentication is not free to access. Authentication is how authorization is implemented on the internet. Any other policy will break the internet.

If there was a link off of att.com

How do you know you are authorized to visit att.com in the first place? You submit a query, and see if you get a response. Exactly what weev did.

The poli

Re:

[onyxruby]

Weev took advantage of a poorly secured access on their part. That is hardly the same thing as putting something on a peer to peer network. It's akin to saying that just because someone secured their house with screen doors that they were okay with people taking their contents.

Now you can fairly criticize AT&T for poor security, and you can certainly criticize Weev for taking their data and publicizing it, but try to keep the criticism grounded in reality, eh?

Re:

[Hatta]

Weev took advantage of a poorly secured access on their part.

And the police here took advantage of poorly secured access on these guys P2P program. The only evidence that these guys intended to share this data is that the data was shared. The same evidence exists for AT&T's data.

It's the exact same thing.

Pie analogy

[istartedi]

Leaving pie on a window sill to cool vs. giving away pies.

If I leave a pie on my window sill to cool, you don't have a right to steal it. That AT&T data sounds like the pie to me.

If I left a pie on a table in front of the house with a sign that said, "free pie for anybody who wants it", and a health inspector came by and cited me for distributing food in an unsafe manner and/or without a permit, that'd be like putting illegal data on a p2p network.

Re:

[geekoid]

You know they had to do spoofing to get that information, right?
In other words, they had to trick(lie to) the server into thinking they where the iPad owner.

If AT&T had simple left a file with all the info in it on a public site that any person could get to it, there would have been no legal consequences for WeeV

Re:"Available for public download" - AT&T and

[Hatta]

In this case they implied consent of making their information public by using that network, an AT&T customer did not imply consent of their information being made public.

AT&T implied consent of that information being made public by not implementing any sort of authentication. From TFA:

"The evidence overwhelmingly demonstrates that the only information accessed was made publicly available by the IP address or the software it was using," Reiss wrote. "Accordingly, either intentionally or inadvertently, through the use of peer-to-peer file sharing software, Defendants exposed to the public the information they now claim was private."

Could you not say exactly the same thing about AT&T's "private" data? Substitute "peer to peer" with "web server" where appropriate.

Re:

[Anonymous Coward]

IANAL, but there comes a point when every law reduces to some arbitrary judgment call. If I leave a box of donuts open in my closed (but not locked) office, I might expect coworkers not to eat any. On the other hand, leaving the same box of donuts in the break room makes that assumption unreasonable. In both cases, there is absolutely nothing stopping coworkers from getting to the donuts; society has decided that putting the donuts behind a door makes them my property, whereas putting them in the break room

Re:

[Hatta]

IANAL, but there comes a point when every law reduces to some arbitrary judgment call.

A public, unauthenticated internet service is a public, unauthenticated internet service. There is no justice whatsoever in treating them differently.

This discrepancy only demonstrates to what degree justice is lacking in the US. Justice is blind, but in the US corporations like AT&T get special treatment under the law.

Re:

[CanHasDIY]

Whoever this AC arguing with you is, they should really consider reading the summary before digging any deeper.

Specifically, the last sentence, where the judge states that intent has nothing to do with the ruling (admittedly fucked up, but it does technically legitimize weez's access of the files AT&T made public-facing).

Re:

[jklovanc]

A public, unauthenticated internet service is a public, unauthenticated internet service.

Weev did not make a standard query to a server and get information. He had scripts that sent millions of possible imei's to the server to get information for that specific user. He was convicted because he use IMEI's that did not belong to him and therefore masqueraded as the owners of those phones to download the information.

Re:

[Hatta]

He had scripts that sent millions of possible imei's to the server to get information for that specific user.

Sure, and if I write a script that sends millions of requests to slashdot.org, from "http://slashdot.org/~a" to "http://slashdot.org/~ZZZZZZZZ", so what?

He was convicted because he use IMEI's that did not belong to him

How is that any different from me accessing "http://slashdot.org/~jklovanc"? I'm using a username that does not belong to me.

Re:"Available for public download" - AT&T and

[Hatta]

Another opinion is that these are two different kinds of services intended for two different kinds of uses.

What exactly is the meaninful difference between the two services? Functionally, they are identical.

That's a valid opinion, but possibly not a widely employed social convention.

You know what is a widely employed social convention? That unauthenticated web services are free to use by the public.

Re:

[Anonymous Coward]

Intention seems to be the definitive factor for you, so riddle me this: did the kiddie-diddlers intend to expose incriminating evidence? If not, then this is a discrepancy in the application of the law -- not entirely unexpected, but still worth pointing out.

Re:

[sugar and acid]

Intention seems to be the definitive factor for you, so riddle me this: did the kiddie-diddlers intend to expose incriminating evidence? If not, then this is a discrepancy in the application of the law -- not entirely unexpected, but still worth pointing out.

Of course their intent was not to incriminate themselves. But their intent was clearly to share this incriminating content publicly with other like minded kiddie-diddlers. Thus they made it public.

Your argument is like saying an illegal drug dealer that sells drugs to an undercover cop can't have the sold drugs used as evidence against him, because his intent wasn't to incriminate himself, but instead to sell the drugs to proper drug users.

Re:

[Hatta]

Certainly, there are many high-profile unauthenticated web services which are intended to be free for the public to use. However, this doesn't necessarily mean that all are.

The widely employed social convention is that they are.

Similarly, there are plenty of closed doors which are perfectly fine for the general public to open (doors to stores, public buildings, hotel lobbies, etc.), while there are plenty of doors that are not.

Tresspass laws require you post notice.

Note that this doesn't apply to the articl

Re:

[DutchUncle]

You have to post trespass notices in places that otherwise appear public; like posting notices on the boundaries of your undeveloped property where the property line would not be obvious (especially in a place where you don't construct a physical fence, like the woods) .

You do NOT have to post a trespass notice on your front door, or garage door, or shed door, whether you lock them or not. OTOH a visibly-marked store does not have to post a "non-trespass" notice on *their* door. The contexts in the phy

Re:"Available for public download" - AT&T and

[CanHasDIY]

RFTS, dude:

The judge held (PDF) that the defendants had either inadvertently, or otherwise, made the information available for public download on a P2P network and therefore couldn't assert any privacy claims over the data.

"inadvertently made public" == "did not intend to make public."

Intent has fuck-all to do with the ruling; per the judge, what these pervs did and what AT&T did are exactly the same thing.

Re:

[_xeno_]

Could you not say exactly the same thing about AT&T's "private" data? Substitute "peer to peer" with "web server" where appropriate.

Actually, probably not. There was an access control on the data in the weev case, as I understand it, it was just a brain-dead stupid one: your user agent. Basically, you could only pull the email addresses from the AT&T web server if you were using an iPad.

Which leads me to why I expect the two are legally different: when you put something up on a P2P service, they become searchable and not just accessible. Half of the point behind a P2P service is make it possible to find interesting files, the other

Re:

[sideslash]

Are you saying that the pervs (I agree with the term if they are really users of C.P., which I don't know) were offering use of their p2p sharing resources for all purposes, including for law enforcement access? Because the way hacking laws are applied, the judge pays attention to the intent of the "maker-available" and not just to the question of whether it was published on the internet.

AT&T made their list available, the pervs made their media available. AT&T didn't want Weev to access (other p

Re:"Available for public download" - AT&T and

[Zordak]

False analogy. This case is not controlled by copyright law. This is a fourth amendment case. Those two bodies of law have almost nothing to do with each other substantively (yes, there may be fourth amendment implications to how police investigate copyrights, but that's separate from the substance of copyright law). The question here is whether the defendants had a reasonable expectation of privacy in the data, not what they subjectively hoped people would do with it. If you grow weed in an open field, with a sign that says, "Cops don't look!" it doesn't matter that you subjectively intended to exclude police from seeing what was in the field. Your expectation of privacy, if you had any, was not reasonable.

Re:

[Zordak]

(By the way, I'm referring to copyright law in terms of your "make available" argument, not weev.)

Re:

[geekoid]

WeeV had to lie in order to gain access to the information.,
That's the difference.

Re:

[Hatta]

The entire intent of P2P sharing is "HEY GUYS I HAVE THESE FILES"

And if the files were accidentally shared? Then the intent was not there, and the police are commiting the same crime weev was convicted of.

The intent of ATT wasn't "HEY GUYS I HAVE ALL THESE CUSTOMERS".

And we're supposed to read AT&T's mind?

Re:

[geekoid]

It doesn't require mind reading to know they don't want to having the files when you have to lie about who you are to get to them.

Re:

[Hatta]

Weev no more lied about who he was than I'm lying about who I am when I access "http://slashdot.org/~geekoid".

Re:

[bws111]

No, they are not. Don't be stupid. Weev was convicted of identity fraud - he was lying about who he was to get access to data he was not authorized to access. The police are not engaged in identity fraud - they are allowed to use different identities.

Re:

[Hatta]

Weev was convicted of identity fraud

Weev was unjustly convicted.

he was lying about who he was to get access to data he was not authorized to access

He wasn't lying about who he was, any more than I'm lying about who I am when I access "http://slashdot.org/~bws111"

Hold on

[Hatta]

If you run a service on the internet, you have no expectation of privacy of the data you serve. That sounds reasonable enough. But why then was weev [wired.com] imprisoned for downloading data from a publically facing web server?

If weev can be imprisoned for computer hacking by using a publicly facing server in ways not intended by the owner, why aren't the police here facing similar charges?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Hold on

[Hatta]

And what is the purpose of publicly facing web servers without authentication?

Re:

[Trepidity]

But the court's decision doesn't argue that. It argues that intention is irrelevant, and there is no privacy expectation in this case even if the files were accidentally or otherwise unintentionally made available.

Re:

[vux984]

Because that WAS the intention of the owner: to share their data with random, unknown 3rd parties. That's pretty much the entire purpose of P2P networks.

No. The intention of the owner, and the purpose of P2P was to share the files, not information about themselves.

You can argue that it is a natural function of the software, doing what it was designed to do, but that didn't get Weev anywhere either, now did it?

Re:

[CanHasDIY]

Because that WAS the intention of the owner: to share their data with random, unknown 3rd parties. That's pretty much the entire purpose of P2P networks.

According to the summary, intent is non sequitur:

The judge held that the defendants had either inadvertently, or otherwise, made the information available for public download on a P2P network and therefore couldn't assert any privacy claims over the data.

inadvertently == no intent.

Re:

[Fwipp]

Well, if you share something on a P2P network, you intend for people to download it.
If you accidentally reveal a list of other people's sensitive information (because you're bad at the web), you arguably didn't intend to make that data publicly available.

Not meaning to side against weev or anything here, just pointing out a meaningful difference between the two.

Re:

[Hatta]

Well, if you share something on a P2P network, you intend for people to download it.

And if you post something on a web server and don't implement any authentication?

If you accidentally reveal a list of other people's sensitive information (because you're bad at the web), you arguably didn't intend to make that data publicly available.

What if I "accidentally" share my root directory on P2P and you download something. Should I be able to have you imprisoned under the CFAA?

Not meaning to side against weev or

Re:

[Fwipp]

You don't see any difference between "Shit, we left some of our internal DB data accessible" and "I love downloadin things from this P2P network, huh I wonder what peer-to-peer means..." ?

Besides, this is a different legal question. It's not "are the cops breaking the law against hacking," it's "are the cops violating the 4th amendment?"

Re:

[Hatta]

You don't see any difference between "Shit, we left some of our internal DB data accessible" and "I love downloadin things from this P2P network, huh I wonder what peer-to-peer means..." ?

I don't see any difference between "Shit, we left some of our internal DB data accessible" and "Shit, I shared the wrong folder on my P2P app". There is no difference whatsoever.

Either you can infer intent from public availability or you cannot. You cannot have it both ways.

Re:

[DarkOx]

You have to be pretty darn "bad at the web" to put stuff on a web server unintentionally. I doubt the guy in this article had any more intent to reveal what he was downloading and who he was than AT&T had to publish that customer list. He did publicly because he did not fully understand the nature of how the application worked, just like AT&T apparently did not understand how .htaccess, or or whatever the problem was worked.

Finally its not other people's sensitive information its AT&T's sensi

Re:

[TWX]

Probably because weev's lawyers didn't do a good job arguing that by putting content on a public web server , AT&T was publishing it for all to see.

Analogies like printing free newspapers with this information at the bottom of page 36 and placing them in those hoppers on street corners could have been drawn; it's unlikely that very many people will get to page 36 and read the bottom, as that's usually buried among all of the crap advertising spots, but that information was made available in publis

Re:

[geekoid]

They probably didn't argue that because that wasn't the case. Weev had to do spoofing to get the data.

Re:

[anagama]

There is a distinction between this and the situation in weev. It doesn't seem like a big distinction to people who are even vaguely familiar with URLs but to many legal professionals, a large percentage of whom are technically incompetent (the number of law offices I've seen running open access points or WEP encrypted wireless networks in my office building is pretty astounding). This isn't true for all in the legal community, and I'm sure it is getting less common as time goes by, but there are still a

Re:

[Hatta]

Anyway, Weev had to manipulate a URL to get the information. He even wrote a script to do this.

Police used "an automated P2P query-response tool".

Re:

[anagama]

Point taken.

Either the police and weev should be in jail, or both should be free. This is a good example of the double legal standard applied to pleebs and those in power.

Re:

[Hatta]

Using a tool to facilitate the collection of published information doesn't constitute unauthorized access.

Isn't that exactly what weev did?

Re:

[thoromyr]

That is not the distinction you are looking for. The distinction is that AT&T was not accused of committing a crime and these guys have been. It might seem related until you understand something about the legal system: there are different rules for different things.

In the case of Weev, he accessed data without authority. (No, I haven't reviewed the case to see exactly what the charges were, but it was something along those lines). Weev was then accused of having broken a law (pertaining to unauthorized

Re:

[gnasher719]

If you run a service on the internet, you have no expectation of privacy of the data you serve. That sounds reasonable enough. But why then was weev [wired.com] imprisoned for downloading data from a publically facing web server?

If weev can be imprisoned for computer hacking by using a publicly facing server in ways not intended by the owner, why aren't the police here facing similar charges?

Your argument is total rubbish. The "expectation of privacy" or lack thereof means that "weev" whoever that is probably was allowed to tell the world that a company is careless with customers' data. That doesn't give him any right to the actual data. It's private information. He can't get the right to download information belonging to X, Y, Z and over hundred thousand other people just because someone who is neither X, Y, Z or any of those other people makes a mistake.

Re:

[jafac]

If one has gone through the trouble to contract with a PKI provider for an ssl certificate, and taken other reasonable precautionary measures, I would think that the secured traffic provides a reasonable expectation of privacy, by a legal definition, even if technically, that privacy is not bulletproof. If you're sending plaintext over the wire, then, of course, you should know you could be listened to. But not secured traffic.

Re:

[jklovanc]

Because he brute force hacked the IMEI's and downloaded information for specific users. He was convicted because he used IMEI's that did not belong to him and therefore masqueraded as the phone owner to gain the information.

In this case the police used standard P2P queries to get the information. It is not hacking when one does not fraudulently misidentify one's self.

Headline wrong of course

[Lando]

The ruling is on, "made the information available for public download on a P2P network" there are plenty of private p2p services. If you make your information available to everyone then of course the police don't need to go through red tape to get that information. Non-story

In other news...

[sirwired]

In other news, the Police also do not need a warrant to attend your public meeting. They don't need a warrant to read the book you published on the rack of the local bookstore. They don't need a warrant to browse around your open store in the local strip mall.

And they don't need a warrant to download data you offered up to any member of the public and browse through it to find incriminating evidence.

They just pled guilty

[Hobadee]

*Disclaimer* I did not read the article. (Anyone surprised)
By claiming that their 4th amendment rights were violated, they basically just pled guilty. The proper defense is "ZOMG some sicko hacked my WiFi!"

Re:

[mpoulton]

*Disclaimer* I did not read the article. (Anyone surprised) By claiming that their 4th amendment rights were violated, they basically just pled guilty. The proper defense is "ZOMG some sicko hacked my WiFi!"

Not at all. There are plenty of circumstances where a 4th Amendment challenge may exist in addition to other legal and factual defenses. For example, let's say you are driving a convertible and get pulled over by the police for no good reason, and they proceed to search your car without probable cause and find a baggie of drugs in the back seat. You have two 4th Amendment challenges here - both to the stop, and also to the search. You also have a defense that the baggie in the back seat of a convertible

Re:

[Nukenbar]

This is correct. The first stage of any criminal prosecution after arraignment is decisions on motions to exclude different type evidence that the prosecutor is required to disclose that they intent to use at trial. This could be 1) physical evidence, like the smoking gun, 2) statements such as interviews with the police or other admissions 3) or electronic evidence such as this.

P2P != Wifi? Double standard from the courts

[wiredlogic]

So if one allows access to P2P indexers, those people cannot retroactively claim their privacy was violated. Reasonable enough. However, if Google records unencrypted WiFi broadcasts over public spectrum they are guilty of wiretapping? It seems like there's a double standard being applied by the courts.

Important Question

[IonOtter]

Why do some of the biggest legal questions and issues seem to revolve around child pornography prosecutions?

Re:

[gl4ss]

That is an interesting ruling. On that basis, all sorts of things would become legal.

yeah good luck arguing that madonnas music album with the screams is free to download though..

Re:

[Qzukk]

all sorts of things would become legal.

(Un?)fortunately no, your government overlords are not held to the same laws you are. As an example, you'd be arrested if you went around looking in open windows. Cops can do that all they want.

Re:Open...

[Impy the Impiuos Imp]

Yeah, I don't see what the issue is. They were sharing these files, or left them in folders their P2P software would automatically share.

The article shows the police went ot of their way to deliberately not download the files, presumably for 4th Amendment search reasons, though why even that would be a problem I don't know. They were deliberately and knowingly sharing those files.

Re:

[camperdave]

It's a goose/gander precident thing. Now, when Disney puts its movies on a P2P site, they can no longer claim an Oops.

Re:

[ShanghaiBill]

It's a goose/gander precident thing. Now, when Disney puts its movies on a P2P site, they can no longer claim an Oops.

Umm, no ... they would not be able to claim they are inadmissible as evidence in court. But that would not change the copyright.

Re: Open...

[Luthair]

I imagine they were trying to say that as Disney is the copyright holder and was doing the distributing then users are getting the files legitimately. While I agree in principle I don't know that it really follows from the ruling.

Re:

[Bob9113]

They were deliberately and knowingly sharing those files.

The "knowingly" part is the only question in my mind. From TFP:

had either inadvertently, or otherwise, made the information available for public download on a P2P network

"Inadvertently" is a big word. Does the same apply if there is a crack in your curtains through which the papers in your home can be seen? Or, as others have pointed out, does the same apply when a well-connected corporation inadvertently exposes their data to the public? [slashdot.org]

Re:Open...

[SuricouRaven]

Thanks to the power of precedent, not any more.

Child porn is very handy for setting a precedent, because judge and jury alike will usually so loathe the victim they'll do anything to see a strict sentence happen. If you've a defendant you can prove had child porn, you could probably charge them with regicide and conspiracy to blow up Pluto - and still have a chance of a conviction.

Re:

[hypergreatthing]

So hey just a question:
Isn't the entire internet a massive P2P network?

File sharing apps

[tepples]

The Internet is peer-to-peer, apart from recent end-to-end compromises such as carrier-grade NAT. But as I understand the Computerworld article, it refers specifically to file search and sharing applications run on top of the peer-to-peer Internet.

Re:

[DaveV1.0]

No, because the copyright holder didn't put the material out there.

Re:

[Jody Bruchon]

The National Juvenile Online Victimization Study in 2005 [missingkids.com] found that 100% of CP possessors whose cases were not dismissed or dropped were convicted, and 86% to 90% of the cases were guilty pleas (presumably with plea bargains.) Once you are accused of CP possession, you will almost always be convicted regardless of the facts and circumstances. If you fight it, you will be given many times the punishment of the plea bargain you turned down.

Re:

[blueg3]

It depends. From a technical standpoint, it's only reasonable to create MD5 collisions, and even then, it requires engineering both files. So, in many contexts, even MD5 collisions can be considered non-issues. A lot of P2P systems use SHA1 or SHA2, which alleviate even that problem.

Realistically, most jurisdictions don't actually trust that as evidence. A defense lawyer will ask exactly what you're asking, and then you'll be forced into the situation of explaining shadowy technical magic, which juries neve

Re:

[foobar bazbot]

From TFA, it stated that the defendants had files with the same hash value as known kiddy porn files. Now I know a hash collision is unlikely, but by its very nature it is possible. Since they did not download the file, how can they claim to have probable cause? That's kind of scary...

Hmmm....

hash collision is unlikely

claim to have probable cause

I wonder if there's a reason it's called "probable cause" instead of "absolutely proven cause", and why it legally has a different standard of (un)certainty than needed for conviction?

Re:

[msobkow]

How about two teenagers sharing pictures with each other? Is it "kiddie porn" or is it "age appropriate porn"?

Should they be shot, too?