Motion To Quash Against Copyright Troll Explains How IP Address Does Not ID User
from the will-it-work? dept
That Anonymous Coward alerts us to a recently filed “motion to quash” (pdf) one of the many subpoenas that copyright troll lawyer John Steele has been trying to get courts to issue. After running into trouble convincing judges in his home state of Illinois, it appears that Steele has branched out. This latest involves a lawsuit filed in the Northern District of California, where (unfortunately) Magistrate Judge Howard Lloyd went ahead and allowed early discovery and the issuance of subpoenas. While this is standard in many cases, more and more courts have begun realizing it is not appropriate in these copyright trolling cases where the sole purpose is to identify users to try to pressure them into settling.
While there have certainly been many motions to quash, this one made some particularly good points that seemed worth highlighting. First, it explains that IP addresses are not like fingerprints and do not identify a user (my emphasis):
The Third Degree Films complaint and ex parte request for expedited discovery form yet another in a wave of suits in which copyright infringement plaintiffs seek to ?tag? a defendant based solely on an IP address. However, an IP address is not equivalent to a person or entity. It is not a fingerprint or DNA evidence ? indeed, far from it. In a remarkably similar case in which an adult entertainment content producer also sought expedited discovery to learn the identity of persons associated with IP addresses, United States District Judge Harold Baker of the Central District of Illinois denied a motion for expedited discovery and reconsideration, holding that, ?IP subscribers are not necessarily copyright infringers?The infringer might be the subscriber, someone in the subscriber?s household, a visitor with her laptop, a neighbor, or someone parked on the street at any given moment.? Order of Apr. 29, 2011, VPR Internationale v. DOES 1-1017, No. 2:11-cv-02068 (Central District of Illinois) (Judge Harold A. Baker) [hereinafter VPR Internationale Order], attached hereto as Exhibit C. The point so aptly made by Judge Baker is that there may or may not be a correlation between the individual subscriber, the IP address, and the infringing activity. Id. The risk of false identification by ISPs based on internet protocol addresses is vividly illustrated by Judge Baker when he describes a raid by federal agents on a home allegedly linked to downloaded child pornography. The identity and location of the subscriber were provided by the ISP (in the same fashion as Plaintiff seeks to extract such information from Wide Open West.) After the raid revealed no pornography on the family computers, federal agents eventually learned they raided the wrong home. The downloads of pornographic material were traced to a neighbor who had used multiple IP subscribers? Wi-Fi connections. Id. This risk of false identification and false accusations through disclosure of identities of internet subscribers is also presented here. Given the nature of the allegations and the material in question, should this Court force Wide Open West to turn over the requested information, DOE No. 605 would suffer a reputational injury.
Separately, it notes that those using these tactics are using high pressure efforts to get people to pay up to settle:
If the mere act of having an internet address can link a subscriber to copyright infringement suits, internet subscribers such as DOE No. 605 will face untold reputational injury, harassment, and embarrassment. The reputational risk that Judge Baker found to be an undue burden is equally presented here: ?[W]hether you?re guilty or not, you look like a suspect.? Id. at 3. Moreover, this case presents the same extortion risk that so concerned Judge Baker:
?Could expedited discovery be used to wrest quick settlements, even from people who have done nothing wrong? The embarrassment of public exposure might be too great, the legal system too daunting and expensive, for some to ask whether VPR has competent evidence to prove its case.?
Id. Discovery is not a game. Yet, plaintiffs in these types of cases use discovery to extort settlements from anonymous defendants who wish to avoid the embarrassment of being publicly associated with this type of allegation. Id. Such abuse of the discovery process cannot be allowed to continue.
From there, it argues that since an IP address does not identify the user, the subpoena itself is invalid:
Additionally, this subpoena should not have been issued in the first place because the information sought is not relevant to Plaintiff?s allegations. Implicit in the rule granting subpoena power is a requirement that the subpoena seeks relevant information. See Syposs v. United States, 181 F.R.D. 224, 226 (W.D.N.Y. 1998)(?the reach of a subpoena issued pursuant to [FED. R. CIV. P. 45] is subject to the general relevancy standard applicable to discovery under [FED. R. CIV. P. 26(b)(1)].?). The information linked to an IP address cannot give you the identity of the infringer. VPR Internationale Order, at 2. Because the infringer could have been anybody with a laptop passing within range of the router, the information sought by Plaintiff is not relevant to the allegations in any way. Id. Moreover, even if the information has some small amount of relevance to the claim?which it does not?discovery requests cannot be granted if the quantum of relevance is outweighed by the quantum of burden to the defendant. FED. R. CIV. P. 26(b)(2)(C)(iii). Plaintiff?s request fails that balancing test. Given that DOE No. 605 was only one of many persons who could have used the IP address in question, the quantum of relevance is miniscule at best. However, as discussed above, the burden to DOE No. 605 is severe. The lack of relevance on the one hand, measured against the severe burden of risking a significant reputational injury on the other, means that this subpoena fails the Rule 26 balancing test. Id. Plaintiff?s request for information is an unjustified fishing expedition that will cause reputational injury, prejudice, and undue burden to DOE No. 605 if allowed to proceed. Good cause exists to quash the subpoena served on Wide Open West to compel the disclosure of the name, address, telephone number and e-mail address of DOE No. 605.”
Nice to see more people fighting back against obvious fishing expeditions. Hopefully more judges start realizing what these kinds of requests are really about.
Filed Under: copyright, id, ip address, trolls
Comments on “Motion To Quash Against Copyright Troll Explains How IP Address Does Not ID User”
Failed hard at the UK and they are trying it in the US where freedom of speech is much more valued. Oh wait….
After following these types of cases for years, and the “expeditions”, this is the best written motion to quash I think you have posted Mike.
Huh. This guy’s in my own backyard. Oddly, his website says nothing about covering IP related issues. It looks like divorce and family court stuff.
Re: Re:
Copyright infringement is one of the leading causes of divorce and family stuff.
Re: Re: Re:
Sorry I think someone has the copyright to divorce and Family Stuff.
Re: Re: Re:
Think of the children!
Re: Re:
Well after you accuse a husband of downloading some wild porn, you can pick up more work representing the wife in the divorce from the pervert she married.
I can only assume it is some kind of legalesse shorthand, but what is up with all the “Id”s in the quoted text?
Re: Re:
“Id.” is short for “idem,” which means “the same” in Latin. It’s used in law the same way “ibid.” (short for “ibidem,” which also means “the same” or “the same place” in Latin) is used in other academic writing. It’s a citation shorthand that means the exact same citation that was used immediately before is being used again. So if I write a sentence and then put a citation at the end, and then my very next sentence uses the same citation, I put “Id.” instead of putting the whole citation again as a shorthand. http://en.wikipedia.org/wiki/Idem
Re: Re: Re:
Indeed. Thank you.
Re: Re:
“Id.” is legalese. It’s just a form of legal citation that means the statement you’re referencing is referring back to the authority referenced directly beforehand.
Re: Re:
Id means that it is quoting from the same source as the previous quote.
And they STILL miss the much bigger point
As I’ve noted here repeatedly over the years, there are a couple hundred million zombies plugged into the Internet. (Others have cited higher estimates, and they may well be right, but I think 200M is a reasonable minimum number.)
NOTHING that those systems do can be definitively laid at the feet of their (former) (putative) owners, because those computers really do not belong to the people on whose desks or laps they rest. Not any more. Those computers belong to their new owners, who are the botmasters controlling them.
And the new owners use them to phish, to harvest email addresses, to spam, to conduct DoS attacks, to host illicit content, to crack passwords, to do anything they want.
And there is absolutely no way for an external observer, watching the traffic in/out of that system, to discern which of it is associated with the old owner and which with the new. Astute guesses can be made: rolex spam is probably from the botmaster, POP requests to the relevant ISPs mail server the former owner. But these are still just guesses, and thus should not be admitted into evidence. And — as botnet operators have become more crafty, they’ve also got much better at hiding their handiwork in “normal” traffic.
The only way to associate traffic with a user is to watch them type it/click it. (And even that is starting to become suspect as a methodology — like I said, botnet operators have gotten crafty.)
TL;DR: there is a profound disconnect between “what X’s computer did” and “what X did”.
Re: And they STILL miss the much bigger point
“And there is absolutely no way for an external observer, watching the traffic in/out of that system, to discern which of it is associated with the old owner and which with the new.”
While I found your post insightful, someone at the ISP, for example, could discern that there is traffic going to and from the botmaster and the victim. The RIAA, from the outside, however, might not be able to.
Re: Re: And they STILL miss the much bigger point
It did say “external” in the quote…
Re: Re: And they STILL miss the much bigger point
That used to be true — sufficiently well-positioned, sufficiently clueful dissection of the traffic would sometimes yield pretty useful clues as to what was going on.
But not any more. Botmasters are using encryption, tunneling, low-bandwidth/spread-spectrum techniques and the only way to really see what’s going on is to instrument the system (say, by running it in a VM and looking at it with forensic tools from the outside). And that’s not easy — still doable, just technically challenging.
But we’re not anywhere close to that in this case or the ones like it: plaintiffs continue to make the assumption that “traffic to/from your IP address” is completely equivalent to “traffic to/from you”…and it’s not true.
Re: And they STILL miss the much bigger point
This reminds me that if ever somebody starts a botnet to download illegal material from well known honeypots, half of America would be accused of filesharing and illegal downloads.
That would be the ultimate LuLz.
Heck, people could do it to the iPhone and Android too.
Re: Re: And they STILL miss the much bigger point
To funny!! hey, maybe that’s why half the households in France are getting nailed by hadopi …
Re: Re: Re: And they STILL miss the much bigger point
Maybe 🙂
Re: And they STILL miss the much bigger point
Rich, the disconnect isn’t totally relevant here because we are not talking a criminal case, but a civil one.
Further, the question is always the same: Is the user liable for what happens on their connection, due to their computer being hacked, broken into, or failing to install and maintain proper anti-virus software?
The number of zombies online is greatly overstated, and for the most part these days are concentrated in countries with high software piracy rates – you know, the people who can’t get windows updates, run systems with known security flaws, don’t use anti-virus at all, and download anything and everything they can get their hands on without checking it.
The US infection rate for bots is somewhere around 1-2%, which puts it on par with many other criminal activities. At worst, there is a 1 in 50 chance that a given user has a bot on their machine. It is something that could clearly be determined when the machine(s) in question are seized as evidence and inspected.
All of which is part of a defence, but only comes after admitting that yes, you are the user at that IP at that given time. Then the rest of the case can move from there.
Re: Re: And they STILL miss the much bigger point
I’ll sharply disagree with you on the number of zombies worldwide, but this is of course just a question of your estimate vs. mine vs. every else’s. The true number is not only unknown, but unknowable, since (a) any zombie that does nothing to make its presence known will likely remain undetected indefinitely (b) even if it DOES do something, if that something isn’t noticed, it’ll still remain undetected indefinitely (c) the “somethings” are getting more subtle and harder to recognize all the time and (d) we’ve known for years that large numbers of them are kept in reserve.
That said, three of us with significant experience in the field came up with a consensus estimate several years ago based on very large-scale observations; at that point, we concurred that 100M was in the ballpark. In the intervening time, nothing has happened to indicate any decrease in that number, and a lot of things have happened to indicate a significant increase. (Consider: it is now fairly routine to hear reports of busts of botnets with 10M members. Surely those are not unique, and surely they’re not the largest, and surely they’re not the most competently-operated…since the latter won’t be busted.)
Note that shortly after we made our estimate, Vint Cerf of Google made his: http://arstechnica.com/old/content/2007/01/8707.ars cites him as estimating that 150M out of 600M connected systems were members of botnets. That’s 4.5 years ago, and in the interim, we’ve connected a LOT of new systems to the ‘net, including smartphones, tablets, etc. So my view (as of summer 2011) is that any estimate under 100M is ludicrous and may be instantly discarded. Higher estimates vary, of course, but I think 200M is certainly “plausible”, but would not reject (let’s say) 150M or 300M, both of which are also possible.
And I think — whatever the number is — it’s important to note that it’s monotonically increasing, and that it will apparently continue to monotonically increase because nothing has been done to make it do something else. So if there are — for the sake of argument — 183M zombies today, then a year from now there will be 184M or 201M or 193M — not 170M.
All that said, it’s not clear to me who, in a civil case, is liable. For example, I would say “Microsoft, for shipping an operating system that’s pre-compromised at the factory and unfit for any purpose”. Others would blame the lack of anti-virus software, others would blame poor computer skills/habits, etc. I think there’s a lot of debate here, both on a technical level and on a legal level. But I do think that plaintiff should be required to establish at least a reasonable likelihood that defendant did X, Y and Z — and I think that in the present environment, even clinching, forensically-verified proof that the defendant’s computer did X, Y and Z doesn’t mean the defendant did it.
(Let me toss in an aside that many forensic examinations are awful. Note that last week here on TD we were reading about how the FBI was baffled by a dual-boot system. And remember the Julie Amero case, also discussed here repeatedly? That poor woman had her life destroyed by malicious prosecutors, ignorant police, and incompetent IT people.)
Where I will agree with you is that the statistical distribution of zombies has changed over the years. Botnet operators of course prefer control over systems with substantial CPU/memory/disk, and with adequate bandwidth. As the Internet has become more prevalent around the world, and as computer costs have dropped, there are more systems with more bandwidth available in more places. So whereas a 1995 botnet might have had most of its members in the US, Australia, and western Europe, today’s botnets may have members in Vietnam, Peru, Romania, and Egypt. This may well overlap with bootlegged/unpatched software, but there’s no way (that I know of) to measure that correlation based on what’s in the packets.
Re: Re: Re: And they STILL miss the much bigger point
Yes, but since the Saint Cerf (he really is) made his comments, there has been a number of items of progress.
1 – Windows 7. Like it or hate it, it is incredibly much better at blocking these sorts of things from happening.
2 – 4.5 years of development by symantec and other companies on anti-virus technology.
3 – the shift to webmail: email use to be the best way to infect a system, because people would click attachments and such. Most of that sort of spam mail is gone.
4 – improved browsers, combined with better security tools, that do a much better job at stopping many of the biggest web based security attacks.
5 – Significant numbers of bot networks shut down, their C&C structures decimated, and so on.
Your numbers would be plausible if we straight lined previous numbers, but that isn’t the case. Just the introduction of Windows 7 has, especially in the western world. changed the number of bot nets and such going on.
A quick story: I get a call the other day from “your internet provider” pointing out that I have a problem with my “windows computer”. Turns out it’s a scam from India to try to get you to allow a remote desktop access so they can install malware, under the guise of being your ISP. Stuff like this happens only because other infection paths are becoming too difficult. They are going for a direct method that requires tons of man hours, tons of effort, and tons of human engineering to get it done, all to get past the improved security of most computers these days.
As for distribution, countries such as Brazil have high botnet infection rates, as does mainland China, Thailand, Vietnam, and not surprisingly Spain. All countries that are incredible tolerate of piracy (or encourage it), and still have tons of people running Windows 98 or Windows XP, pre SP2. Those machines can be infected so easily, even Nicedoggy could do it.
Next time you are poking around, look at the connections into your mail servers, and see where the spam mail is actually coming from (don’t both with headers, actually look at server logs). You will then know pretty much what is bot net, and what is not.
Re: Re: Re:2 And they STILL miss the much bigger point
Quote:
I challenge that.
Quote:
Source: http://www.venganza.org/about/open-letter/
The graph:
http://www.venganza.org/images/PiratesVsTemp.png
You see I do have a graph to show for it, you OTOH just say things and doesn’t show any sources to your incredible claims.
Re: Re: Re:3 And they STILL miss the much bigger point
Nicedoggy, go have a read:
http://www.symantec.com/business/threatreport/print.jsp?id=malicious_activity_by_source
While the US is number 1 in this report, it was mostly about Rustock, which has been killed off. You will notice when you start looking down at the bot numbers, Brazil is nubmer 1. Considering how small some of these countries are, they have incredibly high rates of infection per 1000 users.
The rest of your post makes absolutely no sense. Is this something you are preparing for your grade 10 english test?
Re: Re: Re:4 And they STILL miss the much bigger point
Now please show everybody where is the correlation with the number of pirates with the numbers of virus infections?
There is none you took that out of your ass.
Re: Re: Re:5 And they STILL miss the much bigger point
Umm, I wasn’t trying to claim any correlation. In fact, I am saying there is probably none.
But high infestion rates are often found in countries with high piracy rates. The most common source is unpatched windows XP installs, which is usually a sign of someone using a copy that has been blocked from getting updates.
The only one talking out of your ass is you. Please stop already.
Re: Re: Re:6 And they STILL miss the much bigger point
And you keep talking out of your ass.
Re: Re: Re:4 And they STILL miss the much bigger point
The U.S. has been number one in virus infection for years no other country comes close and you are trying to say it was because one botnet? really? are you serious?
Number 1 in number of scammers, not even the Nigerians can beat Americans and most of them are located in California, where Hollywood is coincidence?.
United States 66.1%
http://www.consumerfraudreporting.org/internet_scam_statistics.htm
See I can pull out numbers too, and make absurd claims that have no foundation in reality.
Re: Re: Re:5 And they STILL miss the much bigger point
Number 1, yes, only because they have the largest number of machines – but not the largest per capita.
Re: Re: Re:2 And they STILL miss the much bigger point
You make some (partially) good points, but unfortunately you paint a far better picture than reality and decades of spam history support. Let me — briefly — address each of these.
1. Windows is still Windows — a markedly inferior operating system both in design and implementation. (As are the associated applications.) Windows 7 may be an improvement, and it appears to be so in some aspects, but it is still miserably insecure and routinely breached. It is worth noting that not even Microsoft, who wrote it and has essentially infinite personnel and financial resources, has been able to do so.
2. Anti-virus software is worthless pablum. It’s a greedy attempt to exploit the people who purchase and operate inferior operating systems. Those who choose their operating systems properly do not NEED anti-virus because they run operating systems which are of sufficient quality. Those who choose their operating systems poorly are deluding themselves if they think anti-virus will save them.
3. The shift to webmail has diminished the use of some propagation vectors; it’s brought new ones. Surely you are aware that some major webmail providers, such as Yahoo and Hotmail, are riddled with security holes, are utterly incompetent at stopping inbound or outbound spam, phishing, and exploits?
4. Yes, some browers are better, although IE is still a worthless piece of shit that nobody should use. What has also helped is the deployment of browser add-ons such as NoScript. If we were really serious about security those wouldn’t be add-ons but would be built-in to every browser. Of course the idiot web designers who cook up sites whose home pages won’t even display without scripting would be appalled, but they are disposable.
5. The shutdown of a botnet is of no importance whatsoever. It merely provides an opportunity for Microsoft et.al. to beat their chest and lie about what a great victory they’ve achieved…when in fact they’ve accomplished nothing. Of course all the zombies that are part of that botnet are still fully-compromised, they still have the security holes, they still have the same careless, clueless users, they still have the same inferior operating system, they still have the same crappy applications. And so, soon enough, they will be part of another botnet.
As to the connections into my mail servers, if you will review the archives of spam-l from the better part of a decade ago, you’ll find that I was one of the (several) people using not only connecting DNS/rDNS information, but passive OS fingerprinting to identify their OS. I’m not only familiar with these techniques, I invented, or co-invented, some of them. I am (painfully) well aware of what the landscape out there looks like, and thus equally-painfully well aware that the situation continues to get worse.
And therefore I dismiss, with prejudice, any suggestion that the number of zombies is getting smaller. Not only is there absolutely no reason for that to happen, but (close to) a decade’s worth of data says precisely the opposite.
Re: Re: Re:2 And they STILL miss the much bigger point
hah, it’s not just me getting these calls that say we’ve detected a problem with your computer and then they can’t answer any specific tech questions.
Such an obvious pathetic attempt at social engineering!
Re: Re: Re:3 And they STILL miss the much bigger point
Well, yes, it’s obvious and pathetic…and it works.
See for example: http://techcrunch.com/2009/07/19/the-anatomy-of-the-twitter-attack/ for a case study. Approaches like this are frequently succesful because nearly all organizations presume that their users are secure…and they’re not.
So it didn’t work with you: are you certain it won’t work on the idiot three offices down, you know, the one who clicks on everything shiny?
Re: Re: Re: And they STILL miss the much bigger point
Typo in the last paragraph: s/1995/2005. Mea culpa.
While this is standard in many cases, more and more courts have begun realizing it is not appropriate in these copyright trolling cases where the sole purpose is to identify users to try to pressure them into settling.
How many courts have actually done this?
Re: Re:
not many yet, but something like 23000 Does were dumped from a fishing trip in DC.
There is a Judge in Illinois who promised to kick every single one of Steele’s case’s assigned to him. Hes quoted in the motion.
All of this stuff is the old SODDI defence, the “some other dude did it” that rarely flies. It has become the “two black youths” of the online age.
In the end, there is plenty of precedents regarding long distance bills on a home phone, example. An internet connection isn’t really and different from a phone, and that if the customer decides to freely lend the connection / phone to other people, they are the ones legally on the hook for it’s use.
It’s a great motion, but it ignores basic facts.
Re: Re:
“It’s a great motion, but it ignores basic facts.”
The irony, of course, being that you failed to supply a single fact in your entire comment. All you did was put together a list of suppositions and opinions.
Nicely done, on the irony scale.
On the information scale….not so much….
Re: Re: Re:
DH, are you dense? Can’t you read? Any number of cases regarding long distance phone charges, 900 line charges, etc. You can go look for caselaw it if you want.
Remember too: We are talking civil lawsuits, not criminal cases. While the motion suggests that IP isn’t enough to pinpoint an individual user, it is certainly enough to determine the connection used, the location of that connection, who is responsible for that connection, and creates the old “preponderance of evidence” that the user assigned to that IP is responsible for what is happening on that connection during the time they are logged on.
It’s the funny part here, we aren’t talking “beyond a reasonable doubt”. The motion MIGHT, MAYBE past muster if it was a criminal case, and even then, unlikely (see phone charge lawsuits). In a civil case, it’s a slam dunk admission from the defendant that the IP address is theirs, that they were logged on at the time, but they are suggesting someone else might have used it. It’s unlikely to fly in a civil case.
As for your comment, your reply is a little lacking in imagination and depth. On the irony scale, you win!
Re: Re: Re: Re:
I think some people don’t realize that the IP address is used to identify the subscriber, and then from there the copyright holder can gather more evidence to see if the subscriber is his man. There’s two good criticisms of this though.
First of all, the subscriber (of course) gets immediately sent a settlement offer agreement. Pay us now and we’ll forget the whole thing. While settlements are quite common, the practice of nuisance suits is discouraged, and rightfully so. The last things these plaintiffs appear to want to do is actually go through with a costly trial. Sure, there might be an example or two made of some unlucky souls, but in the end these are nuisance suits, plain and simple.
Second of all, it’s my understanding that just having an IP address and evidence that someone used it to infringe is prima facie evidence of infringement. Unrebutted, the plaintiff wins. I think that given the number of unprotected or public wifi connections that exist, there’s a strong possibility that the subscriber didn’t actually “do it.” Given this, I think the plaintiff should have to produce more evidence to satisfy his burden.
Re: Re: Re:2 Re:
You almost got it, until you hit the ” I think that given the number of unprotected or public wifi connections that exist, there’s a strong possibility that the subscriber didn’t actually “do it.” “.
In a civil suit, they don’t have to prove absolutely that the subscriber did it. They only have to show a preponderance of evidence. OJ was not guilty of murder (criminal) but clearly liable in civil court. The standards are much lower.
The plaintiff shows that this IP was assign to this user at this time, this user is the subscriber, and has the needed equipment (computer) to have pirated the material. That would appear to be more than enough to satisfy the burden of showing that something happened, happened there, and happened with this subscriber, who is able to do the work (ie, the IP address isn’t a printer or a DNS server).
The subscriber would then have to show that someone else did it. “could have done it” might be okay in a criminal case, as it might create reasonable doubt, but in a civil case, reasonable doubt isn’t enough. The burder for the plaintiff is way lower here, and appears to be easily met by normal means, regardless of what all else comes up.
Re: Re: Re:3 Re:
So, in a civil court it’s “Guilty until proven innocent”? Be that the case, don’t you see a problem with that?
Re: Re: Re:4 Re:
Not “guilty until proven innocent” at all. The plaintiff comes with IP address, time, etc, and the ISP provides the user information. So far, we have a whole lot of proof, more than enough at that point to meet the old preponderance standard. There is no “guilty until proven innocent” here, we are working with actual evidence, not just someone’s imagination.
The standards are lower in civil court, not non-existant.
Re: Re: Re:5 Re:
You may claim what you want, but we are yet to see the acceptance of this “solid” evidence in courts. So far we only witness the opposite.
Re: Re: Re:6 Re:
[citation needed]
Re: Re: Re:7 Re:
1. How can I quote none-existent judgements in favor of this “evidence”?
2. There were reference to judge’s Baker’s statement.
Re: Re: Re:7 Re:
The citations you seek are in the article you are posting to. Please re-read it.
Re: Re: Re:5 Re:
Although at least in this instance, the standards are so low as to be equivalent to nonexistent.
Tying an IP address to a particular machine at a particular time doesn’t even come close to identifying the person doing the deed. Botnets are rampant, and strangers using other people’s wifi is extremely common even when the wifi is properly locked down (it’s easy enough to hack into a wifi hotspot, even WPA protected — that amateurs can and do accomplish it by using readily available software).
An IP address is proof, at best, only that that connection was used for that purpose. It indicates almost exactly nothing about the person who was using it.
Re: Re: Re:5 Re:
Actually you are only working with circumstantial evidence that might or might not have been contemporaneous, and most definitely is not Direct Evidence in any way shape or form.
Because of this the onus of proof should not be on the respondent(s) to prove that the plaintiffs circumstantial, and in a lot of cases anecdotal, evidence is false.
This is why court upon court in numerous forums and jurisdictions have all stated that an IP address and a time do not create enough preponderance to identify a specific individual for anything other than they might know of something.
And lets not get into the very argumentative discussion on whether the plaintiff(s) evidence is actually able to be authenticated by an unbiased party. Most Plaintiff(s) in these actions are fighting tooth and nail to stop the authentication being analysed in discovery since it has been proven it is open to false positives, tampering, and downright fraud and is very much adverse interference on the part of some plaintiff(s).
But hey what do I know, other than dealing with this sort of evidence, investigation, and legalities every day.
Re: Re: Re:5 Re:
…the ISP provides the user information.
Please quit telling such lies. The ISP may provide the identity of the account holder, but likely have no idea who the user was.
So far, we have a whole lot of proof, more than enough at that point to meet the old preponderance standard.
Not even. Considering the number of people it often *could* be, the odds are *way* lower than even “probable” that the correct person has been identified. Why do you tell so many lies? Does copyright make you do it? If so, we need to get rid of copyright.
Re: Re: Re:3 Re:
So there is no need to investigate that someone had a virus, had their connection hacked, was victim of a neighbor from hell, nothing like that?
http://www.zeropaid.com/news/94409/p0keu-hacks-eastern-district-court-of-tennessee-website-passwords-exposed/
Can the Tennessee court of justice be liable for everything other can do now that they got their passwords?
Can the police be responsible for disclosing every informant they had and be sued for damages then?
They are the responsible parties for those things according to your own logic right, it was their computers, that were used to do those things and they are responsible right?
http://www.zeropaid.com/news/94630/load-gearing-up-for-massive-8gb-multinational-data-dump/
http://www.zeropaid.com/news/94625/p0keu-dumps-nearly-300-military-and-government-accounts-to-pastebin/
Not even the government can secure their networks and you are saying somehow that majority of people that probably live on a 30K per year income needs to be responsible for that?
Are you stupid?
Re: Re: Re:4 Re:
Nicedoggy, no, you are the one being very stupid indeed.
If you are aware that your password got out, wouldn’t you change it? Failing to change it after you know it has been broken would be pretty ignorant, wouldn’t it?
All the data dumps in the world don’t really matter anyway, because we are talking a very specific combination of user, location, ISP, etc. Are you so entirely ignorant of how the internet works to think that you can use and username and password at any internet connection and get service? Are you cracked?
Son, you disappoint. Your ignorance is showing.
Re: Re: Re:5 Re:
…because we are talking a very specific combination of user, location, ISP, etc.
“location” was added to troll’s mantra only recently. Until they were pushed to the wall they tried to convince courts that it was impossible to deduct location from IP. Now some of them are pushing very bizarre conspiracy claims to overcome basic jurisdiction questions. All these games are nauseous and don’t add to credibility of these “specifics”.
Re: Re: Re:5 Re:
Quote:
Now I know you are IT ignorant LoL
What do you think, people who are part of a botnet know they are part of one and don’t try to do nothing about it?
Even the government had intrusions that lasted years now and you want to say that somehow normal people with no resources and no knowledge should be able to detect and do something about it when those things happen?
LoL
Re: Re: Re:5 Re:
Quote:
Also you do understand that if I put a backdoor on someones system I own that box right, it doesn’t matter where it is, what password it has, I will be the one in control, the same goes for routers that people think of as not being computers but can be hacked just the same, so your PC could be all clean but your router could have been compromised and its now owned by somebody else.
Why lawyers like you think they don’t need to learn anything?
Re: Re: Re:5 Re:
Okay then, find my IP address, location and ISP from this post.
I’d be willing to bet that you can’t.
Re: Re: Re: Re:
You see maybe Anonymous is doing the wrong thing, maybe they should start to create massive botnets that will download illegal stuff from well known honey pots to get caught to prove just how stupid that view is.
That would be the ultimate lulz!
Millions of people accused of piracy without having done nothing.
Re: Re: Re:2 Re:
Maybe Anonymous are doing the wrong thing, but they were instrumental in ACS:Law demise in UK.
Re: Re: Re:3 Re:
Yes they were, but could they do more?
Re: Re: Re:4 Re:
They are busy solving global problems 🙂 We extortion victims must rely on ourselves, and “yes we can”… http://fightcopyrighttrolls,com
Re: Re: Re:5 Re:
I just realized how Obamish this whole “Yes” thing sounds 🙂
Re: Re: Re: Re:
“DH, are you dense? Can’t you read? Any number of cases regarding long distance phone charges, 900 line charges, etc. You can go look for caselaw it if you want.”
Right, but all of that is only relevant to your SUPPOSITION, that internet connections aren’t much different than telephone lines.
“Remember too: We are talking civil lawsuits, not criminal cases. While the motion suggests that IP isn’t enough to pinpoint an individual user, it is certainly enough to determine the connection used, the location of that connection, who is responsible for that connection, and creates the old “preponderance of evidence” that the user assigned to that IP is responsible for what is happening on that connection during the time they are logged on.”
That’s fair, though debatable. Certainly it isn’t a “fact” as you’d stated. You’ve got a fairly hefty debate occurring over how responsible people should actually be for IP Addresses, with things like open WiFi and spoofing to be considered. This story actually hilights that such a debate is occurring. Those aren’t facts, this is all opinion.
“In a civil case, it’s a slam dunk admission from the defendant that the IP address is theirs, that they were logged on at the time, but they are suggesting someone else might have used it. It’s unlikely to fly in a civil case.”
All fair speculation. But that’s what it is: speculation.
Look, partner, you’re allowed to have an opinion. It’s fine. But to make some broad statement about how everyone should see the facts here w/o actually presenting any FACTS is just silly. So just say it’s your opinion.
“As for your comment, your reply is a little lacking in imagination and depth. On the irony scale, you win!”
…..what? Assuming everyone agreed that my comment sucked and lacked imagination and depth….where would the irony be?
Re: Re: Re:2 Re:
I don’t think they know what irony actually is.
Re: Re: Re:3 Re:
They think it’s what rusty nails taste like.
Re: Re: Re:2 Re:
DH, do you have any rulings you would care to point to that show that an internet subscriber is not responsible for their bills, and are not subject to terms and conditions as I quoted above?
I worked with facts. What are you working from?
Re: Re: Re:3 Re:
Well, here’s one such instance, specifically relating to the court saying an IP address does not equal a user for a civil court filing. I’m there are rulings in your favor as well. That’s the point: this is currently in debate, not settled….
http://torrentfreak.com/ip-address-not-a-person-bittorrent-case-judge-says-110503/
Re: Re: Re:3 Re:
http://www.wired.com/threatlevel/2011/07/hacking-neighbor-from-hell/
Why Matt and Bethany Kostolnik are not in jail along with Barry Ardolf?
You see they could have end up in jail for things they didn’t do, but were fortunate to have the money to pay for a forensic team to look into matters.
Others may not have that luxury though.
Re: Re: Re:3 Re:
Since you asked so nicelly here.
Quote:
Source: http://deyhimylaw.com/content/copyright-infringement-cyberspace-decoding-strict-liability
22 Sony Corporation of America v. Universal City Studios, Inc., 464 U.S. 417, 434-435, 104 S.Ct. 774, 78 L.Ed.2d 574 (1983).
23 The inference of knowledge/intent drawn from access in Columbia Pictures Industries, Inc. v. Zakarian, 1991 U.S. Dist. LEXIS 6978, at *10 (N.D. Ill. May 22, 1991), cited in Columbia Pictures v. Landa, 974 F.Supp. 1, 17 (D.D.C. 1997) turned on the fact that 144 videocassettes seized from defendant‟s business were illegal duplicates of the copyright motion pictures.
24 Perfect 10, Inc. v. Cybernet Ventures, Inc., 213 F. Supp. 2d 1146, 1168 (C.D. Cal. 2002).
Re: Re: Re:4 Re:
Nice, but that judgement is in regard to ISPs and not end users. Please try again.
Re: Re: Re:5 Re:
No its not try again.
Re: Re: Re:5 Re:
I note you didn’t respond to mine….
Re: Re: Re:3 Re:
Also have those people not broken the law by tracing and registering signaling information that was private, without a court order?
Quote:
Source: http://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act
Also please explain why courts are ignoring ECPA:
Quote:
source: http://en.wikipedia.org/wiki/Doe_subpoena
Re: Re: Re: Re:
In what bizarro world can you claim that there is a preponderance of evidence enough to pick Me, as opposed to the 5-10 others who use my Internet connection daily, as the person who infringed on a specific copyright? You’d have far better odds of calling the correct flip of a coin than you would at picking the right person to accuse by my IP address. That is a fuck of a long way from a preponderance.
Re: Re: Re:2 Re:
In what bizarro world can you claim that there is a preponderance of evidence enough to pick Me, as opposed to the 5-10 others who use my Internet connection daily, as the person who infringed on a specific copyright?
That’s known as the bizarro world of copyright apologists.
Re: Re:
All of this stuff is the old SODDI defence, the “some other dude did it” that rarely flies. It has become the “two black youths” of the online age.
In the end, there is plenty of precedents regarding long distance bills on a home phone, example. An internet connection isn’t really and different from a phone, and that if the customer decides to freely lend the connection / phone to other people, they are the ones legally on the hook for it’s use.
It’s a great motion, but it ignores basic facts.
I agree that there’s good reason to allow discovery to commence against the subscriber of the IP address (and lots of caselaw to back it up), so I don’t have a problem with these subpoenas, but I’m curious about your last remark. How is it that the subscriber is necessarily “legally on the hook for its use”?
Re: Re: Re:
You said: “How is it that the subscriber is necessarily “legally on the hook for its use”?”
Me: Well, there is a bunch of ways that you get to the same thing, but the easiest is contractual. Almost every ISP has a contract, a terms of service, that includes boilerplate style:
“You are solely responsible for all access to and use of the Service through your Account, including any breach of the Service Agreement, by you or any user of your Account. If you do not wish to be bound by the terms and conditions of this Service Agreement, and pay the fees, charges, taxes and expenses associated with the Service, you may not access or use the Service.”
Right away, contractually the end user is responsible for the connection. That contract puts the connection in the sole control of that customer.
It isn’t any different from phone bills, gas bills, electric bills, etc. None of these allow for a “SODDI” defence, unless you can show the “SODDI” in question, say by showing an illegal tap on your electrical line going to your neighbors house, or that someone has dug up and re-routed your gas line illegally.
The motion fails to show how a contracted service, limited by terms, assigned to a single customer for internet service is any different from any other utilities. It is clear in modern terms that internet service is no more and more less of a utility than any other monthly rate service for your home, and it creates a huge hill for these people to climb over to prove that somehow internet service is different from electricity or phone service.
Example: Let’s say you have a house, and on the outside you have a number of plugs (to use for your electic lawn mower, example). One of your neighbors starts a small grow op in his shed, and runs extensions over and takes as much power as he can without popping your circuit breakers. Unless you can show where the power went, you are pretty much on the hook for the increased power use. Even then, you would likely have to prove that you were not helping him out. Good luck with that.
So I think that while the motion is nicely detailed and all that, it ignored basic facts and precedents that exist in law from 100+ years of utility services, billing, and collections.
Re: Re: Re: Re:
I meant to have this posted under this fools comments
In the end, there is plenty of precedents regarding long distance bills on a home phone, example. An internet connection isn’t really and different from a phone, and that if the customer decides to freely lend the connection / phone to other people, they are the ones legally on the hook for it’s us”
Really… Then i guess i should have been responsible and paid that 6,000 $ cell phone bill that came in once.( back in the old days when i had the moto flip phone brick) It was my phone and ESN.
I guess my mother should also be responsible when her long distance bill came in for 500.00 $ since it was her actual land line and she made the calls! ( Her long distance carrier was changed without her permission to some unheard of provider with all sorts of stupid charges on top of her calls)
Re: Re: Re:2 Re:
Adam, no, in both cases, it is easy to spot the “non-responsiblity”, the changing of the long distance carrier (illegal act) and the cloning of your phone (which would show up as a second phone on the network in places you are not at).
Would you care to try again with actual examples that don’t have other, clear ways of explaining them?
Re: Re: Re:3 Re:
You’ve seriously never heard of anonymising services?
Re: Re: Re:4 Re:
I am sorry, can you manage more than a single line to try to explain your random ideas?
Re: Re: Re:3 Re:
Really? Easy to spot? They why did they let continue for two months? The system should have picked up two phones with the same ESN and stopped it. What if that person decided to phone murder or bomb threats. The SWAT team would smash down my door and haul me away. My phone my ESN. Same as MY IP and my modem.
Re: Re: Re:2 Re:
I guess my mother should also be responsible when her long distance bill came in for 500.00 $ since it was her actual land line and she made the calls! ( Her long distance carrier was changed without her permission to some unheard of provider with all sorts of stupid charges on top of her calls)
I once received a very large long distance bill from AT&T for calls to a bunch of places all over the world (mostly banks it turned out) during the day when I was at work. AT&T insisted that that the calls had been made on my phone and that I must pay up. Well, the only way those calls could have been made from my phone would have been by someone entering my apartment during the day with a key and making them. After many fruitless calls to AT&T, and them insisting that no mistake could have been possibly made, I finally told the AT&T person that I was about to call the police and report a break-in. About five minutes after I hung up AT&T called back and said that they had experienced an “equipment issue” and admitted that the calls had actually been made by some bank downtown and not even from my phone in the first place. They took the charges off, but only after I was about to get the police involved.
If AT&T can make that kind of mistake with a phone number, don’t try to tell me that IP addresses can’t be wrong too.
Re: Re: Re: Legal boilerplate doesn't obligate me: it's unconscionable.
By terms put in most such “contracts”, they all but own your soul, and can unilaterally change terms at any time.
In actuality, the only contract is the obvious common law terms: that I pay the ISP and their electronic equipment passes my data on through to the internet.
Legalistic corporatists rely on statute and “contract” law, but those don’t supersede common law, nor in last resort, appealing to a jury on such basis. Lawyers profit from layering precedents and keeping the people ignorant, so even though you’re “right” within weenie legalisms, you’re WRONG in the court of public opinion.
Re: Re: Re:2 Legal boilerplate doesn't obligate me: it's unconscionable.
WTF, that actually made sense and was on topic. Did someone borrow your computer while you were getting coffee?
Re: Re: Re: Re:
You make a convincing *legal* case. However, you’ve totally come disconnected from the facts. Maybe the “IP subscriber” is indeed responsible, legally. And maybe, just maybe, hanging all the responsibilty on the “IP subscriber” will work out for Copyright Troll John Steele, and his clients, and they will make tons of money and provide what consumers want.
But the real issue here is do we as a society want this equation of “IP address” and identity? I’d argue “no”. We as a whole don’t want this, as it will cause more problems for more people, and it maybe solves a few problems for a few people.
In the end, what you’ve done is give us one more example of the legal system crawling inside itself, and coming unstuck from reality.
Re: Re: Re: Obligation ends when someone else commits crime on your dime.
This is another objection to your legalisms, particularly: “Let’s say you have a house, and on the outside you have a number of plugs (to use for your electic lawn mower, example). One of your neighbors starts a small grow op in his shed,” — No, by stealing your electricity, the neighbor has committed a crime for which you are in no degree responsible. You’re trying to equate unable to prove innocence with guilt. It’ll be a burden and risk, yes, you’re right, but doesn’t at all taint you if the truth can be made clear.
By your notions, if you rent a car and someone steals it, then you’re liable for them running over children. – No, that’s TWO crimes by someone else. See the difference?
Similarly, IF someone uses your internet connection without your knowledge or permission, then that’s a crime in itself. A mere IP address doesn’t make you guilty of whatever is done, then. That’s the hurdle under discussion. Nor does the lack of technical expertise throw guilt back on. And always remmeber, people: we’re entitled to a jury of our /peers/ not to a jury of weenies who owe allegiance to the legal guild, who depend on it for their income. So be sure that the first motion you ever file in ANY court case is for a jury trial — even for a traffic ticket.
Reasonable people wouldn’t conclude that everyone has to know every possible drawback to computer networking, when even experts in the field don’t, even the engineers who build the equipment don’t know every exploit, so ignorance IS a practicable defense for this. Not that I’d want to get to that point.
Re: Re: Re:2 Obligation ends when someone else commits crime on your dime.
Oh boy, you opened a few amusing cans of worms here.
First, if you cannot prove your neighbor stole the power, who can you prove you aren’t responsible for it? Think about it for a second. Did you file a police report? Did you report the theft? Or is it just “you think he did it”?
Rental cars? Well, it depends on where you rent it, and what you may have done that caused it to be stolen (like leaving the keys in it, example). Vicarious liability is a nasty thing, you could be found 1% liable, but being the only defendant with money, you could end up paying out the full amount. It’s hard to say, and it isn’t as cut and dry legally as you wish it was.
You said: ” IF someone uses your internet connection without your knowledge or permission, then that’s a crime in itself.”
It depends. If you left your WiFi open for anyone to use, did they in fact commit a crime, or did you invite them in? As for guilt, you are again using the criminal standard, not the civil one. You are looking at absolutely proof, that is not required in a civil case, just the preponderance of evidence. While you can offer up some “maybe” or “perhaps”, it is very hard to get away from the end user being the one paying the bills, maintaining the connection (modem, wifi, whatever), and having a computer more than capable of committing the piracy.
This is all of course without seizing any and all computers and equipment on premises as part of discovery to actually check them. We are only at the “can we bring a case against you” stage, and the bar at that point is even lower than a preponderance of evidence.
Re: Re: Re:3 Obligation ends when someone else commits crime on your dime.
Quote:
If it was a rape victim would anybody condemn the lady because she was dressed provocatively?
There is no law forcing people to be experts or to have to lock down everything you are trying to input liability where there is none.
Re: Re: Re:3 Obligation ends when someone else commits crime on your dime.
Please explain why courts are ignoring ECPA:
Quote:
Source: http://en.wikipedia.org/wiki/Doe_subpoena
Besides that little fact there is the “Good faith” thingy. What judge would grant a subpoena to a guy who after that contacts directly the accused and ask money from that person and never brings lawsuits?
That is no good faith, proper or right.
Re: Re: Re:4 Obligation ends when someone else commits crime on your dime.
Besides that little fact there is the “Good faith” thingy. What judge would grant a subpoena to a guy who after that contacts directly the accused and ask money from that person and never brings lawsuits?
The guy is just being nice in allowing them to settle. They don’t have to if they don’t want to.
Re: Re: Re:5 Obligation ends when someone else commits crime on your dime.
Yes! That guy who is worried about the possibility of a small store to be burned is also nice to offer protection for a small fee. Store owner does not have to pay if he does not want.
Re: Re: Re: Re:
Right away, contractually the end user is responsible for the connection. That contract puts the connection in the sole control of that customer.
Contractually they’re responsible to the party they contracted with, i.e., their internet provider. How does that necessarily make them responsible to third parties though?
…it creates a huge hill for these people to climb over to prove that somehow internet service is different from electricity or phone service
But it is different, since I don’t loan out my electricity or home phone to the world like I could if I leave my wifi open. Of course I’d be on the hook to the power company or the phone company for whatever bills I rack up, but that’s different than being liable to some third party that I haven’t contracted with.
I like the argument, but I have to think about some more.
Re: Re: Re:2 Re:
And let me give you a scenario that actually happened to me a couple of days ago. I got a new cable modem since my old one was shot. I called my ISP to give them the MAC so they could activate it. The tech asked me if I had a router. I told him I did, and then he told me to get a paperclip and push the “reset” button on the back of the router. I didn’t do this because I knew there was no need to, but it got me thinking. If I had done as he asked, I would have reset my router, which has wifi, back to the factory settings, which is open wifi. So you’ve got wifi manufacturers supplying open wifi routers and ISPs telling their customers to open up their wifi. Whose fault is it then if the wifi is open? If we’re going to lay the blame on the party who is mostly to blame, then I’m not so sure it’s the subscriber with an open wifi. A lot of people just aren’t technically savvy. My parents had an open wifi for two years before I realized it and locked it up. They had no idea what open wifi even means. If somebody hijacked their wifi and downloaded something, are they really to blame?
Re: Re: Re:3 Re:
Your car comes with a door lock. You can choose to use it or not. That is up to you.
Re: Re: Re:4 Re:
Does your car lock comes with a complex configuration system to lock itself?
Would you be able to sing, dance and tap and then try to insert the key, for which you should sing in the exact tone necessary to open it or lock it?
Re: Re: Re:3 Re:
I don’t think a tech would have asked you to reset the router configuration. It would be correct for him to ask you to reset (i.e reboot) the router. This would clear the routing table and, in particular, the arp table. I am guessing there was a miscommunication about what your router’s reset button did. Then again, I have a habit of underestimating people’s stupidity. Since the button was recessed, (done commonly for making the configuration reset harder) the tech guy is confused and you should complain to the ISP.
Re: Re: Re:4 Re:
Actually, in my experience on the other side of the phone, they are often told them must reset routers. The GOOD ones will not tell a customer to do that unless they find something else that makes it necessary, but it is listed within the processes.
Re: Re: Re: Re:
Example: Let’s say you have a house,…
Exactly. And let’s say that the body of a dead person turns up in your front yard some morning. It’s your yard, so unless you can prove that you didn’t kill them, you’re going to be responsible for it (at least civilly to the victim’s family and maybe criminally too). So if you don’t want to take that kind of chance you’d better build a tall fence around your front yard. If you don’t and something like that happens and you get blamed for it then it’s your own fault and you deserve whatever happens to you.
Re: Re:
Can phones bills be hijacked by anybody remotely?
Botnets could transform 80% of the planet into criminals and people really didn’t do anything they had their computers hijacked, and that is not even counting wardriving.
Not even the police can stop their computers from being compromised, not big companies that have millions to spend on security and you want people to be able to do it when most of then are in the 30K/per year income bracket?
Re: Re: Re:
it comes back to the same thing – you are responsible for the equipment you connect. Failure to run a secure system isn’t the plaintiff’s fault, and would show negligent behaviour by the subscriber.
It’s another SODDI defence, not exactly a strong reply to the lawsuit.
Re: Re: Re: Re:
Define secure system.
Re: Re: Re:2 Re:
Secure system = one that’s powered off, not connected to any networks, and has no remote ‘power on’ abilities…
And it’s only secure as long as it stays in this state, as soon as power or any network connection is attached to the computer, the system is no longer secure.
Re: Re: Re: Re:
Negligence argument was smashed to bits on TorrentFreak recently: https://torrentfreak.com/are-you-guilty-if-pirates-use-your-internet-lawyer-says-yes-110806/
Re: Re: Re:2 Re:
So I guess the Courts in Tennessee and elsewhere in the U.S. can start prepping up for all sorts of damages, since they failed to secure their networks and hackers have their passwords and can do a lot inside that system now.
Also PD’s everywhere in the US had their systems compromised and could be prepared to be liable for all the confidential information that they let out.
Re: Re: Re:3 Re:
Doggy, you need to get off that one. They got hacked, it happens, but smart people don’t leave their passwords the same, throw up their hands, and just leave their networks open for other kids like you to come in.
Are you suggesting that after they were hacked that they did nothing to change passwords or secure their network? Are you truly that stupid?
Damn, I will be happy when we get to September and you have to go back to high school.
Re: Re: Re:4 Re:
Quote:
Those are your own words stupid.
So the disclosure of all those informants the police had can according to your logic lead to the PD being liable for all the damages others suffer since they failed to secure their networks.
Also any damages resulting from the breach could lead the Tenessee court to be liable for those damages, since they failed to secure their networks.
Or are they not responsible for the equipment they connect to?
in your own fraking words again.
Quote:
Why are you trying to say it is different?
Re: Re: Re:4 Re:
What I’m showing is the impossibility of what is being asked to be accomplished.
Not the government, not big companies, not even the courts can secure their networks so there is no negligence, what there is, is the impossibility of being secure.
If the courts asked for God to come down and testify would that be possible can anybody be held responsible for God not appearing in front of a judge?
Re: Re: Re:2 Re:
My note was a bit ambiguous: I meant that this argument was smashed to bits in the comments section, not in Randazza’s post.
Re: Re: Re:3 Re:
Since Torrentfreak only allows people with scripts on to view comments that is not very useful for me.
Since I’m not going to allow any scripts to run.
Can anybody tell if Lynx works to view the comments there?
Re: Re: Re:4 Re:
Poor scripts. Not allowing them to run ruins their scripty childhoods. Authorities must intervene, take those scripts from you and pass them to loving hands (or browsers).
Re: Re: Re:5 Re:
Fine take the scripts away, but what about the comments?
🙂
Re: Re: Re:2 Re:
Negligence argument was smashed to bits on TorrentFreak recently:
Look at the following post – exact opposite conclusion.
Re: Re: Re:3 Re:
Maybe I?m emotionally (not factually) biased, but it is understandable given my predicament. Yet I still see much more common sense in arguments against negligence theory. Forget about the posts themselves ? Randazza is an interested party, sure he uses all his skills in sophistry to maximize his profit. (And some trolls even resort to lies pushing this argument) I find discussions much more interesting ? and the user nicknamed ?Common Sense? had an upper hand by far in my opinion.
Re: Re: Re: Re:
But your ISP connected that router to your network. And their techs even configured it for you. If the techs set up the router as open or WEP, is it your fault for running the insecure system provided by the ISP?
Re: Re: Re: Re:
So the justice court of Tennessee is now liable for anything that happens since they were compromised?
http://www.zeropaid.com/news/94409/p0keu-hacks-eastern-district-court-of-tennessee-website-passwords-exposed/
Will the Arizona police be ever found guilty of anything?
http://www.zeropaid.com/news/94082/antisec-dump-targets-arizona-police-a-third-time/
You fail to see that obvious, if it is impossible to secure it, it is not negligence.
You can’t ask people to do the impossible and say they are negligent.
Re: Re: Re:
To add to that: many times the ISPs themselves supply bloatware (or install on users’ computers) as part of the ISP provisioning process. That software represents a significant downgrade of the security of the user’s system.
So who should be held responsible for that? The user, because they signed up with Comcast for service, or Comcast, because they dropped a load of crap on the user’s system, opening it up to all kinds of exploits that weren’t previously available?
Re: Re:
An internet connection isn’t really and different from a phone,
Ignorance on display.
Re: Re:
While I agree that SODDI is a shoddy defense, I have a feeling that such defense would never actually be used in trial because there would never actually *be* a trial. Remember, these mass subpoenas are not about uncovering who actually infringed on the copyright. It’s a fishing expedition looking for a list of people to send settlement letters to.
Also, while you may be responsible for your Internet and phone connections when you give permission to others for its use, the risk of your neighbor hacking your wifi to infringe copyright is certainly much greater than the risk of your neighbor hacking your cordless phone and making long-distance calls with it. The vast majority of routers that come from ISPs do not ship with WPA enabled, and so users should not be held responsible for illegal access that was facilitated by faulty ISP security policies.
Re: Re: Re:
Not to mention that having WPA enabled doesn’t stop your wifi from being hacked. It does make it just a tiny bit harder (you have to intercept the traffic when someone legitimate connects, and your computer has to spend a half hour or so crunching numbers), but not so hard that script kiddies can’t do it.
Re: Re: Re: Re:
At some point in my net travels I read about someone who was selling a usb flash drive that contained a live os.
Its entire purpose in life was to scan wifi networks and provide you with the key so you could reboot, input the key and have access to the wifi.
If you can plugin a flash drive and press an F key, you can hack a wifi network.
Re: Re:
There is one really huge difference: with a telephone, you have a unique identifying number for the phone. With the internet, you don’t (unless you are paying a premium for a dedicated IP address). You are assigned an arbitrary address that can be different every time you connect.
Re: Re:
In the end, there is plenty of precedents regarding long distance bills on a home phone, example. An internet connection isn’t really and different from a phone, and that if the customer decides to freely lend the connection / phone to other people, they are the ones legally on the hook for it’s use.
Wrong wrong wrong, and this has been discussed previously.
Long distance calls made on your phone is a billing issue between you and your phone company. And its a near certainty that you signed or agreed to be held responsible for the billing costs of those calls when you got the service.
A copyright infringement claim is a legal issue between you and a third party copyright holder. I would consider it highly unlikely that you signed an agreement with the copyright holder to be held legally responsible for copyright infringement that occurred on an IP address that happened to be leased to you at the time of infringement.
If someone breaks into a house and calls in a bomb threat from the phone, I have no problems with the police using the subscribers information as a starting point for an investigation into the identity of who called it in.
Under the law, I don’t have a legal argument against a copyright holder filing an individual infringement suit for discovery of additional evidence against an individual unknown holder if they have more than just “this IP address was detected sharing content” – and then using the subscriber info from the ISP for further evidence collection that they have the correct person who was sharing the content.
Re: Re:
All of this stuff is the old SODDI defence, the “some other dude did it” that rarely flies.
Guilty until proven innocent, huh?
In the end, there is plenty of precedents regarding long distance bills on a home phone, example.
So you’re claiming *that’s* a precedence? Whoo hoo, what a load.
In the phone case the subscriber that has agreed with the service provider to be liable for charges for such calls made on his line regardless of who actually made the calls. The case is similar with electric providers who bill the account holder regardless of who actually flips the light switch.
However, that’s not like the case case here at all. In the case here a third party, with whom the subscriber has no agreement, is trying to hold them responsible for something they didn’t do. And you’re trying to claim it’s the same thing? Man, you copyright people are sure a bunch of obvious liars.
It’s a great motion, but it ignores basic facts.
Heh, talk about ignoring basic facts.
Abolish copyright.
Slavery couldn’t be fixed by “fine tuning” it, and neither can copyright.
It also doesn’t mention that the infringer could be someone who installed malware on the victims computer and is using the victims computer as a proxy to download content.
Re: Re:
(ie: installed it through browser exploits. Lots of people have malware on their computers).
This is fishing from a third party.
I think — though my eyes may have glazed over — that a significant point was missed — because anything regarding computers is always assumed to be perfect, particularly by those least familiar with OS details: the records of the ISPs must be certified beyond any reasonable doubt (and that applies to civil cases too).
If the sole link between charges and persons is an IP address then it must be nailed down beyond doubt. I wouldn’t consider anything less than real-time monitoring records (of actual copying or whatever) backed up by testimony of person who watched the info tap. Note that puts a high burden on plaintiff to pay up front for such monitoring, and that doesn’t bother me. Otherwise, all you’ve got is a piece of paper with a number on it.
If the present low standard continues without questioning its relibility, then an inside person at an ISP could easily phony up records to convict anyone of almost anything on the net. I mention that only because within the realm of possible greed and perfidy, and will surely occur to someone else soon, particularly those in gov’t.
Re: This is fishing from a third party.
Holy shit, I agree with nearly everything you said, minus some of the paranoia….
Re: Re: This is fishing from a third party.
I suspect that ootb isn’t being paranoid enough. Think on that mor a minute.
“In the end, there is plenty of precedents regarding long distance bills on a home phone, example. An internet connection isn’t really and different from a phone, and that if the customer decides to freely lend the connection / phone to other people, they are the ones legally on the hook for it’s us”
Really… Then i guess i should have been responsible and paid that 6,000 $ cell phone bill that came in once.( back in the old days when i had the moto flip phone brick) It was my phone and ESN.
I guess my mother should also be responsible when her long distance bill came in for 500.00 $ since it was her actual land line and she made the calls! ( Her long distance carrier was changed without her permission to some unheard of provider with all sorts of stupid charges on top of her calls)
What amuses me is how delusional these trolls are. When they fight in court with another lawyer, that?s a game with around 50-50 chance to win. So they project their inflated self-esteem to the general public, but to think that they are smarter than every defendant is kind of statistical idiotism. Out of thousands they sue at least few are much-much smarter, or powerful. That alone makes their scheme is doomed in the long run.
I don?t say than I?m smarter than my house troll Gill Sperlein, but being an irrational person, I refused to pay ransom, though based on pure math it was the easiest way out (at least how felt at that time). Well, I?m not too irrational, put it in this way: I?m not rational at expense of dignity. I believe that I damaged his extortion enterprise to some extent.
http://fightcopyrighttrolls.com
Re: Re:
The main reason they keep going is it is very rare they ever give anyone the chance to get them into a courtroom.
This is a numbers game, and to influence the numbers in your favor you steal copy from other people in the game to put on your website, and you talk publicly about the large “wins” you and others have gotten in these sorts of things. Mind you those cases are often exaggerated for the sake of the hype.
They put all of this out there so if you look into the specific troll that has you targeted you see all of this talk about how they crushed people here and there, and stories covering how wonderful they are at what they do.
The best example for me was a Dallas(? i forget) “news magazine” that wrote an amazing puff piece about Evan Stone. I took the writer to task directly about Stone facing sanctions for the fake subpoenas he sent out in violation of a court order… they killed those comments.
So what was left was a story about how he had his sights on some kids mom, who had admitted she did it and then on “bad advice” backed out of the payment agreement so he was taking the minor to court. And to add to this kids terror the newspaper called him to get “his side” of the story for the hatchet piece. They ignored Stone lifting the logo of the East India Company… it is sort of schizophrenic. Showing him as this awesome defender of copyright, who copied something belonging to someone else…
Having read the whole filing… I think it is a masterwork.
But then that could be why I submitted it.
I’m glad Mike liked it to.
My comments from where I originally came across the filing. This will also confirm to my own personal copyright troll I am who he thought I am, still confused… ask brice.
I LIKE THIS GUY!
He specifically introduced comments from one of the Judges who told Steele he would throw out every single one of the cases he tries to file from now on.
It points out the obvious that an IP address does not get you the infringer, and that the allegation is damaging to the people named and continues to be damaging if proven to be mistaken.
The #1 is very good… it points out in plain language that for all of the things they brought to court, none of them connect the does directly to infringing.
You can connect an internet service but you can not prove anything else about it.
#4 is hot because it points out that the Does even thou not named do have a right to move to quash records related to them.
#5 Jurisdictional challenge, well played…
#6 BTW the Judge who said ok to these subpoenas left the door open for the ISPs OR the Does to file motions to fxxk off
#7 IP Address is not the same as a fingerprint or DNA… far from it. That is a great attack on the tech challenged Judges, put it in CSI terms. Point out how even the Feds fxxked up using just an IP address.
#8 Point out the sheer number of people who might have done this who are not the Doe, and point out the lawyers can’t prove or disprove anyone of them did or did not do it.
#9 Another quote from Judge who hates Steele about how this is abuse of the process because the mere accusation could ruin people if made publicly.
#10 – “The information linked to an IP address cannot give you the identity of the infringer.”
O M G it gets amazingly better…. You want to read #10 for yourself…. its amazing.
If this stands… its amazing… it could really be hurtful to these entire shakedown mills if it is accepted by a court.
And if you think these are the champions of truth justice and the American way fighting these evil copyright infringers… I point you to the story over on Torrentfreak about the blind man being sued for downloading porn. Oh he has kids, like 4 and 5, and the trolls are aware hes blind, has an amazing defense, but they are still willing to demand and accept payment from someone they themselves are pretty sure is innocent, just so the blind man can make the case go away.
Re: Re:
Obviously he went blind from watching to much porn.
Didn’t you listen to your mother at all?
Re: Re: Re:
sorry can you repeat that? I needed to find my glasses…
photo radar
I always thought this is similar to the idealogical jump when governments introduced photo radar for speeding. From the beginning of the auto industry, the person doing the speeding got the ticket. But with the advent of photo radar, it instead went to the owner of the car. Same logic – we can’t prove it was you, but close enough. I’m surprised actually that this has survived as it seems like a rather large logic hole.
Re: photo radar
In B.C. a number of years ago one generous man fought for several years, spent about $100,000 of his own resource, and won in Provincial Supreme Court; Photo Radar was decided as being unconstitutional under the 1982 Canadian Constitution.
Not sure, but I believe the province is still photo~radar free. It was for at least a few years after that case.
Re: photo radar
In B.C. one generous fellow spent about $100,000 and several years fighting a photo radar ticket, to the point he won in Provincial Supreme Court, on Canada Constitution Act of 1982.
For a while and I think, even now, this province is free of that particular iinjustice.
Now for the other 8,734 injustices…
OK. Imagine a guy who approached a small store?s owner and said: ?You have a very neat shop here, it will be a shame if someone burns it down. But we can protect you, just pay us monthly?. Now this story makes its way to TechDirt and wild discussion erupts. But wait, why we are discussing business owner?s fire alarm system and he way his shop is wired electrically? Why negligence argument pops up and stays throughout the debate. I can understand that good discussion is worth my time: it is enlightening and entertaining. But… do we still remember the forest talking about the trees?
What wold happen if someone got into the wifi of his firm and started torrenting like crazy then sue?
Make it hard, or maybe impossible...
Just encrypt your drive. They can’t prove anything other than traffic took place. If they try to force you to decipher the drive, simply state you forgot your password… They may be able to crack it open, but it will probably cost a small fortune in time and money to do it…
These lawyers seem to go after people that either don’t know, or barely know what they are doing. I have yet to hear of someone getting sued that was running an encrypted hidden volume or whole drive encryption…
They can jump up and down until they explode, but at the end of the day, they can’t prove you don’t know your password lol…
Re: Make it hard, or maybe impossible...
I wouldn’t give such advice. If a judge is angry he can charge you for contempt of court if you refuse to reveal your password, that happened before. “Forgotten password” is a lame excuse.
I agree that defendants should make trolls’ lives difficult as much as possible. There are ways of doing it:
– If you are sure if it is impossible that you have any trace of the file in question and you have many computers/external drives, don’t hesitate to offer them all for forensic analysis. One box will cost trolls ~1000. If I I have 8+ PCs and laptops – do the math.
– If you encrypt your drive, use TrueCrypt’ hidden drive feature. In short, it is possible to create an “encrypted drive inside encrypted drive”, and it is not possible to distinguish the space occupied by such drive from encrypted free space in the first drive. From user prospective it is a drive with 2 passwords – entering one reveals the first drive (and you can hand it over), entering the second reveals the contents of the hidden drive.
Re: Re: Make it hard, or maybe impossible...
If a judge is angry he can charge you for contempt of court if you refuse to reveal your password, that happened before. “Forgotten password” is a lame excuse.
Citation needed.
Re: Re: Re: Make it hard, or maybe impossible...
https://secure.wikimedia.org/wikipedia/en/wiki/United_States_v._Boucher
Re: Re: Re:2 Make it hard, or maybe impossible...
https://secure.wikimedia.org/wikipedia/en/wiki/United_States_v._Boucher
That citation does not support the claim made. It makes no mention of “contempt” or of forgetting passwords. In fact, all the government was demanding was the contents of the drive, not the password itself.
Fail.
Re: Re: Re:3 Make it hard, or maybe impossible...
all the government was demanding was the contents of the drive, not the password itself.
Well, you asked me for a citation, to to support my claim.
Re: Re: Re:3 Make it hard, or maybe impossible...
typo:
Well, you asked me for a citation, not to support my claim.
Re: Re: Re:4 Make it hard, or maybe impossible...
Well, you asked me for a citation, not to support my claim.
You really thought the request was for a citation that *didn’t* support your claim? Really?
Also entertaining and adding to the confusion would be the 2 lawyers who submitted vastly different answers to the concept if someone else used your connection, if the account holder is liable.
More interesting, was the answer by Randazza (we know how much I enjoy his work in this arena).
He said yes, and made the whole stolen car analogy.
But better was him saying that they would then subpoena every person you came into contact with to see if they were the one who infringed.
“”Option A: We engage in discovery, seize all of the computers in the house, issue subpoenas to everyone the account holder knows, and start having depositions of everyone who lives in their home and neighborhood. By the time we?re done, we not only will likely have gotten to the bottom of things, we would have flipped the defendant?s entire life upside down. While that might get us somewhere, I prefer not to be that heavy-handed if I can avoid it.””
The sheer joy of Option A lies in how stupid they think Judges are.
Your honor, they got my name by claiming they had positive evidence to prove that I infringed their copyright.
Now we are in the portion where my side looks at the evidence to poke holes in it, and plaintiffs are engaged in a huge fishing expedition designed to annoy anyone I have ever met and to see if they might in fact be the infringer they are seeking. They claimed definitive evidence before this court to get my name in the first place, they seem to be admitting this is not the case.
They have mislead the court about their “evidence”, engaged in “settlement negotiations” designed to intimidate and scare me into settling, and now we waste time in court as they decide they need to do actual discovery to make their case.
I’m still amazed by the idea that anyone can say these cases are not cash shakedowns wrapped up in legal wrangling. The fact that Randazza makes a statement publicly that they would have to seek out who the infringer really is goes against what they are telling the courts, that the IP address leads them to the infringing party. But then he holds the belief that account holders are entirely responsible for the actions anyone takes with their account, hacked in or not.
Re: Re:
The worst part is that Randazza is not only talking crap on forums, but currently tortures a guy using these methods.
First he tried to accuse Antonio in the tort, but after he realized that Antonio’s defense is solid (the guy was not even in the US at the time of alleged infringement) he mulls some additional “discovery”.
I talked to Antonio, and from his statements I realized that he did not know the difference between eDonkey and BitTorrent! What a shame (not to Antonio for not knowing, but to Sperlein/Randazza for pursuing a clearly innocent person) .
Re: Re: Re:
I just filed a motion to leave for discovery of the runaway /a tag with TechDirt.
Re: Re: Re: Re:
Motion Granted 🙂
So I wonder if they get any traction on this whole open wifi makes you responsible BS if they are going to kill the future of tech…
http://www.wired.com/epicenter/2011/08/free-wifi-nyc/
And I have a feeling that in the case you cited, that he is just being punished now for daring to attempt to fight rather than pay up.
I find it very hard for them to prove someone out of the country could access their machine, when you use the lens of – He used BEST BUY to get his computer fixed. This is not the sign of anyone computer savvy.
They could be trying to get the open wifi means your guilty to stick, or trying to run the bill up so they can point out how expensive it can be if you opt to fight rather than just pay them off.
Both of these would make powerful tools in the pay us or else schemes to scare more people into compliance.
When innocent people pay just to make it stop, the law has failed hard.