BitTorrent Cases Filed By Malibu Media Will Proceed, Rules Judge

Long-time Slashdot reader NewYorkCountryLawyer writes: In the federal court for the Eastern District of New York, where all Malibu Media cases have been stayed for the past year, the Court has lifted the stay and denied the motion to quash in the lead case, thus permitting all 84 cases to move forward.

In his 28-page decision (PDF), Magistrate Judge Steven I. Locke accepted the representations of Malibu's expert, one Michael Patzer from a company called Excipio, that in detecting BitTorrent infringement he relies on "direct detection" rather than "indirect detection", and that it is "not possible" for there to be misidentification.

Not possible

[Calydor]

Dude, to err is human.

Unless he claims to have some kind of psychic ability there is ALWAYS the possibility of misidentification. If those were his words, the case should be thrown out for lying to the judge.

Re:

[MightyMartian]

Clearly his claims are rubbish. WTF does "direct detection" even fucking mean? One does hope the defense pops that balloon well and good, because this is hardly the first time we've heard some snake oil dealer proclaim he can identify the identity of P2P nodes with absolute fidelity.

Re:Not possible

[Anubis IV]

WTF does "direct detection" even fucking mean?

Having read most of the ruling, it apparently means, "We connected directly to the IP address and received our copyrighted material from them", as opposed to, "We took it on faith that any IP address listed by the BitTorrent tracker is serving up our copyrighted material." The terminology comes from a 2008 University of Washington paper that discussed the fact that indirect identification (i.e. relying on the tracker), which was what was primarily in use at the time, was woefully insufficient.

From what I can gather, the ruling basically says that the case can move forward. It doesn't assign guilt, it doesn't say that an IP address = a particular person, and it doesn't deny the possibility that there are ways to spoof IP addresses. It simply says that Verizon has provided enough evidence for the case to move forward with further discovery that would help them to uncover those facts, should any of them be at play.

IANAL, so I may be misreading things, but that's roughly what I got out of what I read.

Re:

[elcor]

How did they "connect directly to the IP address"? Did they place a wiretap on each of the 84 IP address to siphon the data?

Re:

[BitterOak]

How did they "connect directly to the IP address"? Did they place a wiretap on each of the 84 IP address to siphon the data?

Most Bittorrent software shows the IP addresses where the data is coming from. Generally different parts of the file will come from different sources, but those sources are usually available.

Re:

[elcor]

And that's a reliable proof of destination or origin?

Re:

[Anubis IV]

Who said it had to be? This issue was about whether or not Verizon had done enough to allow the case to go forward into further discovery, not to prove anyone's guilt or settle the matter. Basically, they're just answering the question of, "is there enough here for a case?" By all accounts, there is. That doesn't mean there's enough to make a final ruling or prove anything conclusively yet. That'll come after the discovery process, which is what they're getting set to start, it sounds like.

Re:

[BitterOak]

And that's a reliable proof of destination or origin?

Well, it pretty much is since if your Bittorrent client has the wrong IP address of the computer with which it is exchanging data, it is kind of hard to exchange data. That's kinda how the Internet works.

Re:

[elcor]

I remember reading about a grandma getting sued by RIA for torrenting a few years back. Why is the process now so lengthly when back a few years ago it was shock and awe?

Re:

[NormalVisual]

How did they "connect directly to the IP address"? Did they place a wiretap on each of the 84 IP address to siphon the data?

Like another poster said, they're probably relying on the BT client's list of addresses. If that isn't sufficient, it's trivial to set up a monitor like Wireshark and be able to identify exactly which IP address sent any specific block of data.

Re:

[NormalVisual]

You're being pedantic.

Re: Not possible

[camg188]

Not more than judges, court proceedings and the law.

Re:

[phorm]

My guess would be some sort of malware loaded onto people's computers that's ratting them out (probably snuck into various torrents). That would be "direct", but also likely fairly illegal...

Re:

[scarboni888]

Malware is completely unnecessary here. "Direct detection" is a term defined on page 2 of Challenges and Directions for Monitoring P2P File Sharing Networks – or – Why My Printer Received a DMCA Takedown Notice [usenix.org] to be:

"involves connecting to a peer reported by the tracker and then exchanging data with that peer" As opposed to:

"Indirect Detection of infringing users relies on the set of peers returned by the coordinating tracker only, treating this list as authoritative as to whether or not I

Re:

[phorm]

So in other words, "direct detection" is still pretty a source-IP based identifier. Pretty weak.

Re: Not possible

[camg188]

When you download via BitTorrent, each bit of the file you get from seeders/peers comes "directly" from that person's computer. They just record the IP address and verify that what they got was indeed their content.

Re:Not possible

[SlaveToTheGrind]

The summary gloms together several parts of a fairly complex story to make a soundbite that sounds outrageous on the surface but really isn't.

TL;DR: John Doe pointed to an academic paper saying that most BitTorrent user identification used a less reliable method rather than a more reliable method; Malibu's expert said he used the more reliable method and made it even more reliable by actually receiving bits of Malibu's content from John Doe's IP address; judge said, "nice try, John Doe, but since Malibu isn't using the method you presented the paper to cast doubt on, you've cast doubt on nothing."

1. John Doe argues that Malibu shouldn't be allowed to subpoena Verizon at all because the fact that his IP address was part of a torrent swarm isn't proof that John Doe was actually sharing Malibu's content.
2. John Doe presents as evidence a University of Washington paper that discusses two methods, one which the authors say is unreliable and allows spoofing of IP addresses (just connecting to the tracker and pulling the list of IP addresses associated with the torrent) and one which they say is more conclusive (directly connecting to a given IP address and exchanging data with its BitTorrent client).
3. Malibu's expert testified that he used the method the author of the papers said was more conclusive, and that directly connecting to John Doe's IP address and receiving pieces of one of Malibu's films proved that John Doe's IP address wasn't being spoofed [this was where he used the "not possible" language].
4. The judge said: "Because Excipio employs the exact method that the University of Washington Paper recommends to identify copyright infringers, Defendant’s argument that “the common approach for identifying infringing users in the popular BitTorrent file sharing network is inconclusive” lacks merit."

Re:

[Raenex]

The summary gloms together several parts of a fairly complex story to make a soundbite that sounds outrageous on the surface but really isn't.

It's by "NewYorkCountryLawyer" on Slashdot. I'm shocked, totally shocked, this occurred. It's not like he or Slashdot has some kind of bias in covering copyright infringement cases.

Re:

[NewYorkCountryLawyer]

I feel confident that if the defendant had had a competent expert to rebut the Malibu phony experts, defendant would have won.

It only takes one...

[Anonymous Coward]

"It's no possible for there to be misidentification"

It'll only take one false positive to introduce reasonable doubt. Any number /
whatever number / even a SS# does not guarantee that it identifies a physical
person. That's how identity theft works. Even though a crook may have your #,
it's not you. What they're selling (to the judge) is pure fantasy.

They cannot prove by rules of evidence that IP address points to that physical
person at the time of the alleged infringement. Their attorneys should be able

Re:It only takes one...

[bmo]

Other courts have said that an IP address is not a person.

This is why a lot of other cases haven't advanced. Blindly suing people that might not even exist angers courts (Prenda).

>84 john does

"you're making too much work for the court with nonsense" is what's going to happen.

>reasonable doubt

In civil cases, it's preponderance of the evidence a lesser standard.

--
BMO

Re:

[SlaveToTheGrind]

It'll only take one false positive to introduce reasonable doubt. . . . Their attorneys should be able to easily push back on this; why haven't they?

Probably because their attorneys are... well, you know, attorneys, and thus they know that the burden of proof in a civil case isn't beyond a reasonable doubt. It's generally preponderance of the evidence, which means at least 50.0000001% likely.

Re:

[BitterOak]

"It's no possible for there to be misidentification"

It'll only take one false positive to introduce reasonable doubt. .

This is a civil lawsuit, not a criminal proceeding. The standard is proof by a preponderance of the evidence, not proof beyond a reasonable doubt. All the plaintiff has to show is that it is more likely than not, given the evidence, that the defendant was engaged in the conduct alleged. It's a fairly low standard, and an IP address in a log file might well meet that standard, even if there are multiple reasons why it may lead to the wrong person being identified.

Re:

[bmo]

I'll just leave this here. The ultimate fuck-you song.

https://www.youtube.com/watch?... [youtube.com]

--
BMO

Re:

[scarboni888]

No one in the U.S. wants to leave no matter how bad it gets there because they don't want to become victims of its foreign policies.

Re:

[Coren22]

IP address spoofing.

https://en.wikipedia.org/wiki/... [wikipedia.org]

Re:

[Coren22]

Says the person who uses AC to post as a third party agreeing with himself, and AC so that no one can look up your history, like you enjoy doing to your targets.

Funny, who is the fake name here?

Re:Not possible?

[Rick Zeman]

it is "not possible" for there to be misidentification

Oh really. I'm sure Mr. Patzer wouldn't mind telling us his IP address, then? Because in 5 minutes I'd have it look like he was swarming, downloading, and sharing the filthiest copyrighted scat porn videos the internet has to offer.

It's 192.168.1.11.

Re: Not possible?

[Anonymous Coward]

OMG!!! We're on the same network!!! I'm on 192.168.1.10!!!

Re:

[hey!]

That's amazing. I've got the same combination on my luggage.

Re:

[Coren22]

Come on, get it right, he is at 127.0.0.1. That bastard is always trying to hack me.

Re:

[meerling]

To do so would be illegal, but hilarious!

Slashdot editors suck

[Anonymous Coward]

Would it be so hard to add background information on this case? I have no idea what Malibu Media is or the details of the story, and I shouldn't have to Google for it.

Editors: do you frigging job.

Downloaded 1 or more bits

[bl968]

The plaintiff should be required to download the entire file and to ensure that the checksum of said file matches the file offered via the plaintiff's service.

Re:

[rsmith-mac]

The plaintiff should be required to download the entire file and to ensure that the checksum of said file matches the file offered via the plaintiff's service.

They did. That's the whole point of the "direct detection" statement. They connected to the peers in the swarm and were able to download valid (SHA1 verified) chunks of the file from the defendants.

Re: Downloaded 1 or more bits

[Anonymous Coward]

It doesn't have to. Doesn't it point you in the right direction? That is enough, and it should be for anyone that isn't a pro-piracy zealot.

If your dashcam were on when your parked car got hit and you could clearly read the license plate, would you expect the court to tell you 'sorry, a license plate doesn't identify a person, so you're not entitled to even inquire with the registrant of the car as to who totaled your vehicle. Too bad the driver didn't show ID to your dashcam, because only things like tha

Re:

[devman]

It doesn't, but it allows discovery to proceed so the a person can be identified, for instance by subpoenaing ISP records. This part of the case isn't assigning liability it deciding whether there is enough substance to warrant proceeding with discovery.

Re:

[Anonymous Coward]

Nice try, Malibu.

Fingerprint sensor?

[HalAtWork]

"detecting BitTorrent infringement he relies on "direct detection" rather than "indirect detection", and that it is "not possible" for there to be misidentification."

Even if they do have a fingerprint sensor on the other end, those can be fooled.

"direct detection" defined as:

[random_ID]

For those who didn't read the linked decision: 'direct detection “involves connecting to a peer . . . and then exchanging data with that peer,” indirect detection “relies on the set of peers returned by the coordinating tracker [of a BitTorrent swarm] only, [and] treating this list as authoritative as to whether or not IPs are actually exchanging data within the swarm.”'

The real story

[NewYorkCountryLawyer]

The real story is that defendant didn't have his own expert to counter Patzer's BS

Re:

[Coren22]

Who is the defendant? I thought they were suing 84 John Does.

Re:

[Coren22]

See, the thing is, all of that seems to apply to you APK, so I am not sure what you are trying to say.

"direct detection" rather than "indirect detection

[jraff2]

Unless "direct detection" rather than "indirect detection" can be factually proven to get private information from TOR which is supposedly NOT available, and private information from "Virtual Private Networks" which again is NOT available then the case MUST be dismissed. All technology and software MUST be divulged. Not hidden nor private techniques. No one watching a network protected by TOR and/or VPN can determine who nor what is using said network.