US Court of Appeals: An IP Address Isn't Enough To Identify a Pirate (techspot.com) 168
A judge has ruled that copyright trolls need more than just an IP address if they want to go after copyright infringement. An IP is not enough proof to tie a person to a crime. From a report: In a win for privacy advocates and pirates, the Ninth Circuit Court of Appeals ruled that an IP address alone is not enough to go after someone for alleged copyright infringement. They ruled that being the registered subscriber of an infringing IP address does not create a reasonable inference that the subscriber is also the infringer. The case began back in 2016 and has been playing out in the legal system ever since. The creators of the film "The Cobbler" alleged that Thomas Gonzales had illegally downloaded their movie and sued him for it. Gonzales was a Comcast subscriber and had set up his network with an open Wi-Fi access point. At some point, someone had used his network to download the movie and the film creators captured Gonzales's IP address. The judge stated that in order for a proper case, the copyright owners would need more than just an IP address.
My God they got it right! (Score:2)
n/t
Re: (Score:3)
Now ask yourself, if the cops said my car ran someone over, would any criminal judge or appeals panel in their right minds believe that "the bare allegation that defendant owns the car is insufficient to support criminal charges"?.
Perhaps if you actually owned an IP address. Most people don't though.
Your analogy would be more apt if the person committing the crime was using a stolen rental car.
Re: (Score:2)
Re: (Score:3)
Now ask yourself, if the cops said my car ran someone over, would any criminal judge or appeals panel in their right minds believe that "the bare allegation that defendant owns the car is insufficient to support criminal charges"?
Yes, they would. Rather, the police and district attorney's office would never end an investigation at finding out who owns the car. Being the owner of the car is certainly enough for the investigators to interview you, but if you tell the police (and they verify) that you were on vacation that week, they would be crazy to file criminal charges at that point.
Re: (Score:2)
Rather, the police and district attorney's office would never end an investigation at finding out who owns the car.
If you get a ticket in the mail from a red light camera in most cities, it doesn't even matter if you were driving. You must pay. And you can't appeal, or even go to court, because the cities pass laws saying all this is so.
You might ask, doesn't the Constitution guarantee me the right to a jury trail for any criminal matter, or any civil matter worth more than $20? Sure, the Constitution says that, but the laws just say "this is neither a criminal fine nor a civil matter, you just owe us money". Proble
Re: (Score:2)
Re: (Score:2)
From where they are scanning (public internet), there is no way for them to figure the MAC of the end device.
Re: (Score:2)
ifconfig ethX hw ether aa:bb:cc:dd:ee:ff
ifconfig ethX up
Re:Open Wifi (Score:5, Interesting)
An open guest wifi restricted to nothing internal and rate limit it to say 64kbps up/64kbps down. Enough to have deniability, poor enough access that no one will use it. Obviously you have to have the right wifi equipment to restrict access to your main network as well as the rate limiting - like pfSense or Ubiquiti UniFi wifi for example, etc.
Re: (Score:2)
In one case I used a neighbor's wifi for s
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Re: (Score:3)
I don't think they have the capability of torrenting.
Android definitely does. uTorrent is right there in the Play Store, you don't even have to side load.
Re: (Score:2)
Re: (Score:2)
When I first moved in to my apartment, I was so grateful for a neighbor's open wifi that when I got my own installed, I left a guest network open for the express purpose of helping out any new neighbors.
I didn't rate limit it, but I did make sure that DNS was served by OpenDNS with filtering and that any other DNS was blocked.
Re: (Score:2)
Atleast limit it to something reasonable, like 1% of your max speed, 10 Mbps/10 Mpbs, otherwise it will never hold up. Oh wait, 64 kbps probably is 1% of your max speed in America, where I hear just having 1 ISP option is considered competitive...
Re: (Score:2)
Honestly the Open Wifi argument shouldn't really be needed. Using an IP address as the only evidence for a crime is simply ridiculous. Not much different than your car being at the scene being all it takes to convict you of a crime.
An IP address or MAC address would be a reasonable cause for a search warrant, but if investigators never find more information than just an IP address the case should clearly be dropped. This had to of been one of the easiest cases for this court of appeals in a long while.
Re: (Score:2)
I believe they ship their routers configured to create an "xfinitywifi" hotspot any Comcast customer can connect to. The advantage is that when you're travelling you can often find a hotspot where a Comcast customer hasn't turned that "feature" off. But it also creates plausible deniability.
MACs (Score:2)
Someone should tell lawyers what MAC addresses are.
No, wait. Don't.
Re: (Score:3)
Someone should tell lawyers what MAC addresses are.
Right, because it is impossible to change your MAC address /s
Re: (Score:1)
Yeah. I used to have an old Sparcstation IPC whose battery (it was built into the clock chip, of all things) had died. Had to manually enter a MAC address every time I booted it up. I usually used something like C0:FF:EE:C0:FF:EE. (Eventually I got tired of this and ordered a new clock/battery chip.)
MACs are easy to spoof -- which is why "securing" your WiFi by MAC filtering isn't foolproof.
Re:MACs (Score:4, Informative)
You figure that a MAC address is going to help ID the perp? Cute.
Also, how about the fact that MAC addresses are not usually part of the Layer 3 conversation? Just one layer 3 device and poof, the MAC address is something different. MAC doesn't survive past Layer 2.
Re: MACs (Score:3, Interesting)
A little knowledge is a dangeous thing. You could have dozens of devices on a subnet all talking to each other (with Layer 3 information) ans they're all going to know each other's MAC and it wilk "survive". I think what you mean is: once a computer needs to talk outside of the subnet and sends packets to a router, the router will only preserve the IP and not the MAC of the sender. A router ties together subnets, but the MAC from everything relayed will be it's own.
Re: (Score:2)
Unless it is IP6 ...
Re: (Score:2)
Unless it is IP6 ...
MAC addresses are not directly tied to IPv6 addresses except by convention and only in specific situations. IPv6 addresses don't always have the MAC address in them, it's just the easy rule of thumb for address assignments, but it isn't universal. Also MAC addresses are easily changed in software and hardware ones are not guaranteed to be unique. So it *might* be enough to track a device, or it may not.
But it doesn't really matter.. The ISP is going to give up your name and address based on your IP Addr
Re: (Score:2)
I doubt you can change your MAC address on a phone or tablet.
Re: (Score:2)
I doubt you can change your MAC address on a phone or tablet.
Like I said, the ISP is going to finger you as the owner of the IP in question, so you are getting sued in this hypothetical. I'm just saying that your MAC address doesn't matter and doesn't uniquely ID your device in all cases.
Re: (Score:2)
But your MAC address may be a part of your IPv6...
Emphasis added.
But only if your ISP supports IPv6, your router supports IPv6, You've not spoofed your MAC and your device supports IPv6....
Re:MACs (Score:5, Informative)
If you ever buy a Khadas VIM or other Chinese-originated device (which are often set up as “torrent media centers”) they all share the same MAC address. Why: because the chipmakers didn’t want to shell out for a block of MAC addresses.
MAC addresses are only supposed to be unique on a single network. It’s not unheard of that smaller companies re-use MAC addresses in switches and other networking devices and simply make sure they don’t get sent out to the same customer or area of the country/world.
Re: (Score:2)
You can also set the MAC address to whatever you want. The card will have one burned on it that the computer can read and use, but the packets are built completely on the computer, so it's possible to set the MAC address to anything in software. C0FFEE15600d is valid.
Re: (Score:2)
Yes obviously, matter of fact, in most network cards you can simply permanently change the MAC addresses.
Re: (Score:2)
Good catch.
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
They are not reliable for anything. Anyone can spoof an MAC address and, yes, people have and will spoof them to frame others.
Re: (Score:1)
It's not something that will automatically happen for anyone who connects to your network. If you are connected to the same network then it won't even work.
So rather than the somewhat plausible defence that someone logged on to your home network, you're going for the somewhat less plausible claim that someone deliberately se
Re: (Score:2)
Only on the local lan, and only if someone isn't actively spoofing said mac. The moment it leaves the local lan that info is discarded.
Re: (Score:2)
ifconfig ethX hw ether aa:bb:cc:dd:ee:ff
ifconfig ethX up
Re: (Score:1)
No, I'm not telling you what it is.
Oh, I want you to use my network as well. At the same time as me. Not sure what happens if you have two identical MAC addresses on the same network.
Re: (Score:1)
I was simplifying. I'm assuming that most people on slashdot know broadly how these things work.
My point is, if you have someone's IP address, then, you can work out which router was being used at that time. You can't say anything more. There could be a dozen or so devices attached to that network, with multiple users.
If, somehow, you have some
Re:MACs (Score:5, Informative)
MAC addresses do NOT survive a Layer 3 translation. MAC is strictly a Layer 2 thing. So the first router that network packet hits will change the MAC address. They are even less useful to trace a packet to a person than IP's are as they are not used above Layer 2.
Re: (Score:2)
But (Score:5, Funny)
Re: (Score:1)
Re: (Score:3, Funny)
I'll never get that time back.
Found him!
Re: (Score:1)
Re: (Score:2)
Fair enough, but I don't think it makes sense to suggest the filmakers are "copyright trolls", which the summary, as written, suggests.
Re: (Score:2)
This one was obvious (Score:5, Interesting)
Because of the open WiFi.
But what about a regular household with many different users including minors and a WPA2 protected network? Who are they going to sue?
Is it really reasonable to sue the account owner in such a case? Should the account owner have to keep internal logs in order to identify which kid did the copyright violation?
Re: (Score:2)
Unless your kids are adults with money, they are coming after you anyway.
Re:This one was obvious (Score:5, Informative)
Unless your kids are adults, you're pretty much legally liable for what they do anyways. Yes, if your kid throws a rock through the neighbor's front window, YOU are going to be on the hook for repair costs....
Re: (Score:2)
OK still, let say we are only 2 adults in the house. Which one gets sued if my IP address got caught? Oh, and I also gave my WiFi password to friends and relatives.
Re: (Score:2)
Until now you'd be held liable if you are the person paying for the internet connection. Now, if this ruling stands, I'm not so sure they can come after you without some other kind of evidence, especially if there is an open WiFi network involved.
Something tells me though, that this precedent won't stand. This is a civil court, all they need show is that it was likely you, which is much lower than the "beyond reasonable doubt" threshold used in criminal courts.
Re: (Score:2)
Yeah, they need to show it's you. But if could be your friend, too.
You see, an IPv4 address only identifies a connection. The person could've been wired to the router, or wireless. The person could live at the house, or be a transient.
What's likely going to happen is a mass rollout of IPv6, where only the prefix now identifies the connection and you c
Re: (Score:2)
where only the prefix now identifies the connection and you can start monitoring individual IP addresses (all of which point to a device), so you can narrow down to which device downloaded the file, and from there figure out the likely person.
How so? You won't be allowed to share a computer under that scheme?
Re: (Score:2)
Except they don't. IP privacy, for example causes the host to choose rendon non-conflicting addresses in the prefix and changes them frequently. Also, it's easy to pick any IP you want within a prefix. For example, wait till the homeowner goes to work, then set your laptop to use the autoconfigured address of their laptop.
Others use NAT on v6 anyway, mostly because they really don't know how v6 is supposed to work and NAT is "secure".
Re: (Score:2)
They would need to show that it is MORE likely you than someone else.
Note that there are now fairly easy ways to crack WPA2 passwords.
Re: (Score:2)
They would need to show that it is MORE likely you than someone else.
If there are two adults in the household, isn't it equally likely that it is any of them? Or are they going to look at the content and be sexist and say that show XYZ must have been downloaded by a man?
Re: (Score:2)
Throw in the possibility that it is someone leeching the WiFi and you have less than a 50% chance of guessing right. And so, IP is not sufficient to identify a "pirate".
Re: (Score:2)
Unless your kids are adults, you're pretty much legally liable for what they do anyways. Yes, if your kid throws a rock through the neighbor's front window, YOU are going to be on the hook for repair costs....
Depends on how old the kid is. Has mens rea kicked in? If so, then it starts moving away from parental responsibility to individual responsibility.
Re: (Score:2)
It might also be somebody else's kids.
Re: (Score:2)
Re: (Score:2)
Because of the open WiFi. But what about a regular household with many different users including minors and a WPA2 protected network?
This is why, for your own legal protection, you should always leave your WiFi open.
IP (Score:4, Funny)
An IP isn't enough to identify a pirate?
An "I" Patch?
Re: (Score:2)
Re: (Score:2)
Of course... I just realized... an iPatch is probably what you call a pirated iPhone.
Re: (Score:2)
Okay, that one just got a chuckle out of me. First time in weeks I've laughed without laughing AT someone....
Re: (Score:2)
Of course... I just realized... an iPatch is probably what you call a pirated iPhone.
Oh.... I thought that was an ePhone....
Re: (Score:2)
An IP isn't enough to identify a pirate?
An "I" Patch?
An "aye" patch, matey!!
Re: (Score:2)
An IP isn't enough to identify a pirate?
An "I" Patch?
An "aye" patch, matey!!
Used to say that to Captain Patch all the time. Arrrrrrrrrrr
Expect lobbying for law: cameras when downloading (Score:2)
Re: (Score:2)
I expect the various copyright groups will now begin lobbying for a law requiring ISPs to use the device cameras to take a photo of whoever is at the terminal before allowing any sizeable file to be downloaded. Or perhaps just continuous video surveillance while you're connected to the ISP. As we've seen many times, anything that provides plausible deniability to copyright infringement becomes a major target of legislation by the major content providers.
No, easier - expect the ISPs (many of whom are also cable providers and copyright holders) to start inserting a line in the ToS that the subscriber accepts all liability for any acts of infringement on their internal network, regardless of whether it's a third party using their open WiFi.
criminal liability does not work that way and ISP (Score:2)
criminal liability does not work that way and the ISP will need to prove that it's logs are good and based on there cap meters that are off that can be used in court to say that there logs are not usable in court.
Re: (Score:2)
criminal liability does not work that way and the ISP will need to prove that it's logs are good and based on there cap meters that are off that can be used in court to say that there logs are not usable in court.
I never mentioned criminal liability, and this case was not about criminal liability, but civil liability for copyright infringement. Civil liability most certainly can work that way.
And yes, the ISP will need to prove that its logs are good that this subscriber had that IP address at said time, but that's not hard at all - in fact, it's a necessary function of being a service provider: you can't receive packets if the ISP has the wrong address for you. It's like the phone company sending calls to a differ
Re: (Score:2)
Well poor logs of Cap metering is an reasonable doubt issue more so in an criminal setting.
Re: (Score:2)
Well poor logs of Cap metering is an reasonable doubt issue more so in an criminal setting.
In civil litigation, the standard is "more likely than not", not "beyond a reasonable doubt."
And ISPs can certainly show that your modem had a certain IP and received packets to that IP. Otherwise, they wouldn't be ISPs.
Formalities (Score:2)
The MPAA / RIAA already know this and they know litigation ( especially beyond this ruling ) is likely going to cost them more than they're going to bring in.
Thus, my guess as to why they want to shift the burden onto the ISP's to play Copyright Cop.
Why waste your money and time when you can waste someone else's money and time instead ?
Having said that, however, are the ISP's going to follow the same rules about an IP address != a subscriber before throttling or disconnecting your service completely when th
It's an Adam Sandler movie (Score:2)
Why did this take so long? (Score:2)
This is similar to just because you were at a store when it was robbed, doesn't mean you robbed it. Also, given the metaphor it you wouldn't expect the store to go after you to recoup some of the loss because you were there and might have been involved.
Now if you want to make the case that I was complicit because I didn't stop it; well then why didn't the ISP stop it, why didn't the backbone providers stop it, why didn't the other guy(s) ISP stop it.
No, the real problem is that content holders have the exp
Re: (Score:2)
Any details: torrenting or streaming? (Score:2)
Was this the case of torrenting or streaming?
Re: (Score:2)
"Thomas Gonzales was falsely accused of illegally downloading a movie on BitTorrent"
https://www.vocativ.com/381837... [vocativ.com]
Finally some sanity! (Score:1)
This is a good ruling, but don't rely on that alone to protect your privacy. Use TOR and/or a VPN.
Great use for your previous router (Score:2)
More? (Score:1)
Taking control of the webcam whilst the ones and zeroes are being downloaded?
Re: (Score:2)
Or simply plausible deniability. As an IT admin, you do know better, you also know how to hide things better.
Re: (Score:3)
I had a (stupid) friend who ran an open wifi that got raided for the police for child porn because they tied it to his IP address. Never found any evidence on his PCs (after they sent drive copies to the FBI) or hidden stashes in his house, never arrested and the case was quietly dropped a year later.
As an IT admin you'd think he'd have known better -
I'm sure they've left "eyes" in his home network to keep a look out after they dropped the case. If he ever does anything illegal online I'm sure he'll quickly be called for it.
Re: (Score:2)
Do they have DNA and the glove?
Re:Problem: 9th CIRCUS (Score:5, Informative)
Actually, no. The overturned verdict rates are below:
6th Circuit - 87 percent;
11th Circuit - 85 percent;
9th Circuit - 79 percent;
3rd Circuit - 78 percent;
2nd Circuit and Federal Circuit - 68 percent;
8th Circuit - 67 percent;
5th Circuit - 66 percent;
7th Circuit - 48 percent;
DC Circuit - 45 percent;
1st Circuit and 4th Circuit - 43 percent;
10th Circuit - 42 percent.
Re: (Score:3)
These are ridiculously high overturn rates. What's wrong with your court system?
Re: (Score:2, Informative)
As a really helpful AC stated, the Supreme Court doesn't take all cases, so 79% overturned is not 79% of all cases, but 79% of cases that make it to the Supreme Court. The ones that don't make it to the Supreme Court are implictly confirmed.
Re:Problem: 9th CIRCUS (Score:5, Informative)
These are not the overall rates, but the rates of cases that get SCOTUS review. Cases only get a full blown review if 4 Justices vote for review (i.e. the arguments are eventually presented and ruled on). The Justices being pretty clever folk, the typical case that the SCOTUS hears arguments for are ones where both (1) 4 Justices are dissatisfied with the result from an Appellate Court, and (2) those 4 Justices believe they have a good chance of convincing a 5th Justice to go their way.
There are exceptions to the above. Sometimes two Appellate Courts have made perfectly reasonable rulings that happen to be in such conflict with each other that the SCOTUS feels obliged to get involved -- that federal law might be interpreted very differently state to state is a problem the SCOTUS was created to fix. Sometimes a case is sufficiently important that the SCOTUS feels obliged to rule in order to settle the matter with finality (e.g. Gore vs. Bush).
Re: (Score:2)
One AC already posted part of the answer. The Supreme Court is the only court than can overturn the federal circuit courts. They get to decide which cases they hear, which are pretty limited in number. So they usually only choose to take cases that are likely to be overturned, are particularly controversial, or are of questionable Constitutionality. If it's fairly clear that they'll agree with the lower court, they refuse to hear the appeal and the lower ruling stands (and therefore doesn't bring down the o
Re: (Score:2)
Yeah that's what I though.
This was a common sense ruling beings nat routers and wifi are common many users share the same IP address.
Re: (Score:2)
Re: (Score:3)
Actually, it isn't That distinction goes to the 6th and 11th. [politifact.com] Read the article for a more detailed analysis, based on the different ways these rates are calculated.
6th Circuit - 87 percent;
11th Circuit - 85 percent;
9th Circuit - 79 percent;
3rd Circuit - 78 percent;
2nd Circuit and Federal Circuit - 68 percent;
8th Circuit - 67 percent;
5th Circuit - 66 percent;
7th Circuit - 48 percent;
DC Circuit - 45 percent;
1st Circuit and 4th Circuit - 43 percent;
10th Circuit - 42 percent.