Swedish Film Institute Learning That An IP Address Is Not A Person
from the lessons-learned dept
Earlier this month, an anti-piracy tracking company traced the origin of some Swedish films found on The Pirate Bay… all the way back to the Swedish Film Institute. After some embarrassment and further investigation, the Institute is now insisting that it can’t find any evidence that someone there leaked the films… and they’re complaining that the anti-piracy firm DoubleTrace “aren?t… forthcoming with their evidence.” Shocking, I’m sure. But the larger point is that the Swedish Film Institute is pointing out that the IP address alone does not identify the user. This is, of course, entirely true. It’s what tons of people have been pointing out for years, and what the film industry (and the recording industry) has often mocked as being a silly excuse. So I’m in agreement with TorrentFreak when it says:
The important thing here is that when it comes to the allegations against SFI, and the refusal of the anti-piracy company to make their ?evidence? available, SFI should be given the benefit of the doubt.
But, unlike the hundreds of thousands of other ISP account holders around the world who receive letters claiming that they illegally uploaded a movie or song and therefore should pay compensation or, increasingly, be disconnected from the Internet, they are treated more respectfully, quite simply because of who they are.
An IP address is not a person, and unless anti-piracy companies want to let their ?evidence? be seen and tested in public, perhaps it?s better if they keep their allegations to themselves.
Filed Under: copyright, evidence, file sharing, ip address, sweden
Companies: swedish film institute
Comments on “Swedish Film Institute Learning That An IP Address Is Not A Person”
Satire or sarcasm?
Hang on, shouldn’t these guys be disconnected? After all, it’s only a small step away from “innocent infringer” to “anti-capitalist terrorist Commie-freetard”?
Its a cornucopia of irony, de-lish. 😀
A license plate is not a person either. So if you see a masked man running out of a bank after robbing it and get his license plate number, no further investigation should take place.
After all, since the guy (or gal, really) had a mask on, there will be no definitive way to identify who was driving. A lot of people share cars. Also, it is likely the thief stole the car, used it to rob the bank, and returned it before the owner noticed it missing.
Instead, based on this flimsy evidence, the police have actually been sent to people’s houses. They have asked the owners questions, and some of them have reportedly gotten warrants to look for further “evidence.”
We should not tolerate living in such a police state. This is what happens when you have a society with corporate personhood.
Re: Re:
Yeah, because license plates and IP addresses are exactly the same. Oops, it’s getting late, I need to go hop into my router and drive to work.
Re: Re: Re:
Thanks for letting us know that all analogies are automatically invalid because no two things that are compared are exactly the same.
Re: Re: Re: Re:
Heck, that he didn’t challenge you on comparing possible copyright infringement with a bank robber was what surprised me.
A car passes by driven by someone whose face you don’t see and catch a few bars of the music they are listening to.
We will skip over, for the moment the fact that said driver has committed the offence of an unwanted and probably unlicensed public performance because we have bigger fish to fry (Don’t worry, we won’t forget and they will get taken to court for the public performance part later).
There is every chance that the music being played was an unauthorized copy (it could be… and given all the piracy it probably is),
obviously taking the licence plate number and using it for further identification makes sense and what makes further sense is that unless the registered owner can prove that the music being played was not an infringing copy and identify the person responsible for the infringement then they should face legal threats and costs.
Now that’s what I call an analogy.
Re: Re: Re: Re:
Thanks for letting us know that oranges and apples are now the same thing.
Re: Re: Re:
In a sense they are. If you see my car at night, with my plate it doesn’t mean I’m the one driving it. It needs further investigation. Now replace car with IP, driving with downloading and voil?, you DON’T know who downloaded and you CAN’T assume the driver is guilty of transporting infringing drugs (yes, I mixed the stuff on purpose).
So what have we learned from this good analogy kids? You need further investigation before concluding the person was downloading the car! Obviously, if he/she uses the safety encryption and proper vpn it may become quite impossible.
Re: Re: Re:
“Yeah, because license plates and IP addresses are exactly the same. Oops, it’s getting late, I need to go hop into my router and drive to work.”
This works, if you work through an internet location.
Re: Re:
Well, then, that’s an interesting point: because the registration is linked to a single car owned by a single person, that actually seems like a logical place to start. In this case, an IP can have a one-to-many relationship, so logically the investigation should start from there.
Instead, what gets sent are threats and demands to pay up.
Re: Re: Re:
Well, then, that’s an interesting point: because the registration is linked to a single car owned by a single person, that actually seems like a logical place to start. In this case, an IP can have a one-to-many relationship, so logically the investigation should start from there.
Instead, what gets sent are threats and demands to pay up.
You’re absolutely right, what they should do is skip that part and just move directly to litigation to actually do the follow-up investigation.
Re: Re: Re: Re:
The problem with your logic is that the police will talk to the owner and try to determine if there is probable cause to proceed with a criminal complaint, including talking to the owner and verifying their alibi.
The record companies don’t bother determining guilt or innocence which is why they’ve sued dead people, grandmothers without computers and technologically inept people with their shotgun approach to litigation.
The reason we like this story is that it highlights recommenmdations that we make which you conveniently left out of your flawed analogy:
1) An IP address does not equal an individual so further research is needed once you have that IP address much like the police do further investigation once they have a plate number AND DESCRIPTION OF THE VEHICLE (which you don’t get from an IP address).
2) The method of capturing the IP address should be subject to verification much like the defense counsel would vet how the plate number was obtained. Did it come from a witness reciting it from memory? Did someone take a picture? Was there a video camera and the plate came from a sceen grab? All questions that can enhance or detract from the quality of the identification. With the record companies, the process of capturing an IP adderss has never been vetted or reviewed. While it could be incredibly accurate, it could also be incredibly flawed. Developers make mistakes and bugs exist in code. It happens and we all know it. The record companies refusing to allow review show an unwillingness to stand behind their methods. Now, whether that’s due to intent to defraud or they just don’t want to run the risk that their methods are shown to be flaed is another question that will never get proven.
Re: Re: Re:2 Re:
And, like the license plate on the car might have been switched, or the car stolen, the IP address might be from Tor or a VPN and actually have no relation to the paper trail of the asset.
Re: Re: Re:3 Re:
Also, certain programs, like Bittorrent, offer options to report a different IP address. I like to use the MPAA’s 69.172.201.20. There are more ways to spoof IP addresses, I just don’t know them.
Re: Re: Re:2 Re:
“The record companies don’t bother determining guilt or innocence which is why they’ve sued dead people, grandmothers without computers and technologically inept people with their shotgun approach to litigation.”
Don’t forget a laser printer. To be fair, that laser printer looked damn sneaky to me.
Re: Re: Re:2 Re:
And, let’s not forget that it is in the interest of the media companies not to care if they are accurate in their accusations.
By claiming more infringement, they can better lobby to have laws enacted that favor them and they will also be more likely to make money with the extortion letters.
Re: Re: Re:
Cars can be owned by more than one person. My wife and I are listed as the owners of both of our vehicles.
Re: Re:
You fail.
With your license plate analogy, the owner of the car has at all times been presumed innocent until proven guilty. Sure, let the police start their investigation with the owner, verify an alibi.
What you don’t seem to understand is that the Sue-The-IP-Address-Account-Owner approach is just that. There is no further investigation. The method used to obtain the address has never been professionally vetted as to its accuracy. The person being sued is told that they are automatically guilty and must pay up to make the threat of going to court go away. Or they’re disconnected from the internet simply because of accusations, with no further investigations to actually convict them in court.
Read the following sentence carefully. This is PUNISHMENT UPON ACCUSATION, not PUNISHMENT UPON CONVICTION.
Re: Re:
“A license plate is not a person either. So if you see a masked man running out of a bank after robbing it and get his license plate number, no further investigation should take place.”
Sorry officer, I can not tell you how I obtained that license plate number. If I did then it might jeopardize my future bank robber identifications.
Re: Re: Re:
Don’t forget your patent. Otherwise what incentive would you have to identify bank robbers in the future?
but, but, these are not individuals who have no money, no knowledge how to secure their wifi or have everything to lose. how on earth does anyone expect these to get their door battered down by a swat team, their computers taken away for forensic analysis, threatening letters with jail time and/or huge fines? get real, folks! these types get a different set of rules to play by to the general populace. plus they probably have enough money to defend themselves thoroughly. a RIAA/MAFIAA recipe for disaster!
Nobody ever claimed an IP address is a person. Talk about a red herring. An IP address and ISP logs can tell you which user was logged in at a given time, and from there you can move ahead legally as you see fit.
If the IP address comes back as a gateway or other “shared” access point (as in shared by the network admin, not someone running TOR), then it is much more difficult to determine who did the deed. There are ways, but they might require methods that would not pass legal muster in some areas.
However, to suggest an IP address is meaningless is pretty much bullshit.
Re: Re:
No, it’s exactly where it should be: the starting point of an investigation. The problem is, that most of the people doing the investi9gating assume that that is the only way to get an IP. It isn’t. So you can understand why there are issues in using IP addresses as the sole basis for evidence.
In the same way that a car used in a robbery has the owner of the car questioned, an IP address can be used in the same way. However, ISPs (somewhat understandably, I might add) should be reluctant to use that as the sole piece of evidence before giving out privately-held information.
Re: Re: Re:
“No, it’s exactly where it should be: the starting point of an investigation.”
Exactly. Sadly, this is not the case, because ISPs (and the courts) seem to want to block discovery of subscriber information as a basis. It would be like seeing a license plate at the scene of a crime, and not being able to run the plate because the car manufacture objects. It’s insane.
If the IP address is a valid starting point, then ISPs should be required to turn over that information when a complaint is filed in the courts. That many of them seem intent on fighting this tooth and nail, and then dragging their feet on providing the information even after being ordered is painful.
Re: Re: Re: Re:
“Exactly. Sadly, this is not the case, because ISPs (and the courts) seem to want to block discovery of subscriber information as a basis. It would be like seeing a license plate at the scene of a crime, and not being able to run the plate because the car manufacture objects. It’s insane.
If the IP address is a valid starting point, then ISPs should be required to turn over that information when a complaint is filed in the courts. That many of them seem intent on fighting this tooth and nail, and then dragging their feet on providing the information even after being ordered is painful.”
ISPs (and the courts) are not wanting to block discovery of subscriber information just because. The reason they are having issues with discovery is because it is not being used in a legitimate way. What the various groups are doing is presenting an IP address and asking for the information on the owner of said address, for no reason beyond wanting to know where to send a letter to attempt to get them to settle the matter out of court. Their “proof” against said person is at that point stated as being their IP address.
So they are not necessarily against the discovery and releasing of said information (the ISPs and courts that is), but what they are against is the abuse of the courts in order to obtain information to then send what are essentially extortion letters to people who may or may not have committed any wrongdoing. Because as has been noted, repeatedly, an IP address does not equal a person. There have been tests conducted and studies shown that the data gathering methods (in regards to harvesting IP addresses) are flawed and prone to error, that IP addresses can be spoofed, change, etc. And that is the problem.
Re: Re: Re: Re:
If the IP address is a valid starting point, then ISPs should be required to turn over that information when a complaint is filed in the courts.
So any complaint alleging that IP address xxx.xxx.xxx.xxx engaged in unlawful conduct at time yy:yy:yy should compel an internet service provider to divulge subscriber information.
If I want to unmask every anonymous coward writing on Techdirt, all I need is going to court and allege that the IP address at a specific time engaged in illegal conduct with no other corroborating evidence.
Re: Re: Re:2 Re:
If you can get a court to order it, yes. But you need to be aware that a court isn’t going to order it without cause. I doubt you would have any evidence to work from.
Copyright holders don’t “allege”, they actually show the activity as part of the complaint. Sorry if that fucks you world view. Your post my be tagged as insightful, but it is just a good indication of how truly stupid the sheeple are here.
Re: Re: Re:3 Re:
I hereby state that on Sep 27th, 2011 @ 8:53pm, Anonymous Coward violated my copyright on __ITEM__ from IP address xxx.xxx.xxx.xxx.
OK, so I’ve given the exact same amount of information that the typical big media companies give to ISPs. This is not proof…this is an allegation (by definition).
For all we know the “tracking” companies hired by big media could be randomly generating IP addresses, filenames, and dates and times, and then sending the letter to the ISP that came up in the WHOIS lookup.
Re: Re: Re: Re:
Okay. I have evidence your IP is infringing. The evidence? I say so!
Hand over your info please.
Re: Re: Re:2 Re:
The evidence that his IP is infringing is, of course, that you have his IP.
Re: Re: Re: Re:
Lets see YOU walk into a DMV office with a license plate number and ask them for the drivers name and related info…..
You can claim that the driver fled the scene of an accident (or that he flipped you off, or that you just really don’t like him very much) and see what they tell you….
Report it to the proper AUTHORITIES and they will follow up on it (hint, the ISP is not the proper authority).
Re: Re:
No one is suggesting that an IP address is meaningless.
However, I think it is pretty clear that just looking up who leased the address at the time of the alledged infringement is not proof enough to start sending settlement letters.
At least if you want to be sure that the person who actually infringed is the one paying.
Of course, if all you care about is that someone pays, then it does not really matter who did it, as long as they can in any way be tied to the ip address that some secret unverified program spat out.
Re: Re:
An IP address and ISP logs can tell you which user was logged in at a given time, and from there you can move ahead legally as you see fit.
Many inexperienced novices such as yourself contend so, but of course everyone with sufficient expertise knows this is utter nonsense. I suggest that you undertake the remedial education that you so obviously require in order to raise your clue level to one that is at least minimally acceptable for participation in this conversation.
Re: Re:
“Nobody ever claimed an IP address is a person. Talk about a red herring. An IP address and ISP logs can tell you which user was logged in at a given time, and from there you can move ahead legally as you see fit.”
If using windows, administrator will show up as being logged on at all times. At least with the people I know who use windows.
Re: Re:
In a world where you can send any number and say it is an IP address it is pretty much meaningless.
Even more so if the party using the IP doesn’t even have proof of any actual transfer of data occurring but just an IP number.
ha … no, wait HAAAA!
No secrecy, no money
If the party demanding a settlement or private info refuses to show his evidence, he should simply have no recourse.
Evidence can’t be secret.
If the network owner isn’t notified of where, how and when the alleged infringement took place, there is no possibility of proving anything, except that no infringement took place.
And proving a negative is impossible.
Sweet irony that may set a huge precedent for the courts. It’ll be interesting.