Thursday, December 01, 2005

Oklahoma Woman Fights Back Against RIAA

We have just learned of another case, this one in Oklahoma City, Oklahoma, where a defendant is fighting back against the RIAA.

The name of the case is Capitol Records v. Foster.

There the defendant has filed counterclaims for a declaratory judgment of non-infringement, and for "prima facie tort" under Oklahoma law. The judge dismissed the counterclaim for "prima facie tort" but has left standing the counterclaim for a declaratory judgment.

During the period Ms. Foster was accused of being a copyright infringer she did not even have a working computer.

Selected litigation documents:

September 8, 2005, Decision
October 5, 2005, Decision
Answer and counterclaims
RIAA Motion to Dismiss Counterclaims
Defendant's response to Motion to Dismiss Counterclaims

Ms. Foster is represented by:

Barringer-Thomson, Marilyn D.
4901 Richmond Square
Oklahoma City, OK 73118
(405)840-3101
Fax (405)842-3843



Keywords: copyright download upload peer to peer p2p file sharing filesharing music movies indie label freeculture creative commons pop/rock artists songs riaaradar

45 comments:

Anonymous said...

She had a computer though? Just not "working"? That sounds suspicious!

Anonymous said...

Why does that sound suspicious? I have three computers at home, of which 2 don't work. I finally was able to purchase a new one 6 months after the last one fried a power supply. So for a six months I had two inoperative computers at home.

Anonymous said...

It does sound a bit fishy. It's possible the RIAA (or whoever) captured her activity before her computer "broke."

But hey, it's worth looking into the claim. If her computer wasn't working, then fight. If she's lying...well then my sympathies end there.

Anonymous said...

Perhaps it was the ex-husband or a child of theirs. Where else is the user name fflygirl11 used? However, just because the userid is used on other systems doesn't mean that it was created by the same person. Someone could have framed the defendant just to cause grief or to get back.

Anonymous said...

It doesnt work like that. The RIAA intercepts your IP address when it downloads songs from the uploader. In this instance, she must have had some kind of P2P application. I notice the article doesn't mention whether she had ever used any kind of file-sharing application...

Anonymous said...

2nd Anonymous....But you still had one operating computer. I'm sure if all three of you computers went down, you would have made more an effort to fix the one.

Also, I'll admit I make up some strange userid's that might make the person not think it could be me. Why wouldn't some woman use fflygirl11? If that was her userid? Maybe she thinks she's fly. Now if she spelt girl, grl, i would think maybe more of a kid...but it does sound awfully convenient to me that she did not have an operating computer, but had a computer.

themaxx.ca said...

One thing that matters..
Did she had an internet account at the time? And was it used?

Anonymous said...

Innocent until proven guity, folks. Whether her story is suspicious or not, the RIAA must prove her guilt. End of story. The onus is on them to prove their accusations, not her.

Anonymous said...

According to the documents she had an Internet account and from what I read, she used it. She claims for games, but she had an account and still used it.

Anonymous said...

I have 6 working computers and over 100000 mp3s

Anonymous said...

If she had internet access and one of those wireless router modems that default your wlan to an open connection that could have been used by a neighbor or any passerby. I know the one my ISP gives me does that.

Anonymous said...

Once again, the wireless router..her fault. But if you read the court documents, it says nothing of wireless, and I think she had it back in 2001 before ISP's really ever offered wireless.

Anonymous said...

the time frame at which ISPs were supplying wireless routers is irrelevant. Anyone can purchase a wireless router, it's not a service that's offered by your ISP.

Just as a note on someone else using her wireless... If someone breaks in to your home and performs some illegal activity, your responsible? That may be an appropriate question, depending on whether she secured her wireless or not. The law is murky there.

JasonSkywalker said...

IIRC, innocent until proven guilty only applies in criminal cases. This is a civil matter, so I don't think the RIAA has to necessarily prove anything.

Anonymous said...

Of course, all of this supposition assumes that Media Sentry, which is being paid a bounty for IP addresses, isn't simply producing Kazaa screen captures with random IP addresses inserted using Photoshop.

From what I've read, that's pretty much the only evidence the RIAA is bringing to these things.

Riskable said...

It doesn't matter whether her computer was working or not. If she says it wasn't, the court will have to take her word for it. The burden of proof lies in the RIAA's hands. They will have to demonstrate that she (and only she, since she's the only one named in the lawsuit) willingly used her computer and internet access to propagate their content over the Internet.

Since this is nearly impossible short of the RIAA having a video of her performing the act, they have no case.

Anonymous said...

I bet she started using Lime Wire and that's why her computer wasn't working.

Anonymous said...

Just as a note on someone else using her wireless... If someone breaks in to your home and performs some illegal activity, your responsible? That may be an appropriate question, depending on whether she secured her wireless or not. The law is murky there.

Breaking into a home is different than receiving a NON ENCRYPTED SIGNAL

from: U.S. Code : Title 18 : Section 2511

Section 2511(g)(i) provides that:

It shall not be unlawful under this chapter or chapter 121 of this title for any person -
(i)to intercept or access an electronic communication made through an electronic communication system that is configured so that such electronic communication is readily accessible to the general public;

A transmission that is not scrambled or encrypted is by definition "readily accessible to the general public". If WEP or other encryption are not used on a Wi-Fi network, therefore, ECPA does not apply.

Lesson: If you dont want to be held accountable for what goes on on your network secure your freaking AP!

http://caselaw.lp.findlaw.com/casecode/uscodes/18/parts/i/chapters/119/sections/section_2511.html

Anonymous said...

Lawyers still have yet to learn one thing... IP addresses and MAC addresses mean NOTHING. Right now I am using a spoofed MAC address and Privoxy to change my IP. There is absolutely NO reason to allow an IP address or MAC address to serve as evidence in a court of law. They are 100% MEANINGLESS.

Michael Eisenberg said...

Anonymous said...
Lawyers still have yet to learn one thing... IP addresses and MAC addresses mean NOTHING. Right now I am using a spoofed MAC address and Privoxy to change my IP. There is absolutely NO reason to allow an IP address or MAC address to serve as evidence in a court of law. They are 100% MEANINGLESS.


Would you mind explaining how to do that? Perhaps give a hyperlink if you can privide one. Thanks.

t3hX said...

>Would you mind explaining how to do that? Perhaps give a hyperlink if you can privide one. Thanks.

tor.eff.org

Anonymous said...

I'm not the person who posted the bit about using Privoxy and spoofing their MAC address but I would like to help out so here's what info I can provide:

Spoofing your MAC address is pretty simple on some systems, MAC OS X (Panther, which is 10.3.* and Tiger 10.4.*, I don't know about versions prior to Panther) lets you change your MAC address from the network preferences panel under Ethernet, you don't even need any special software to do this.

On Windows you can get software utilities that let you spoof your MAC address, for example Mac MakeUp is the first result I got when I searched Google for 'spoof mac address windows xp'. That program will let you change your MAC address on any Windows 2000/XP or Server 2003 computer. There should be utilities for 95/98 & ME as well.

On Linux you can do this in the config files, you just need to search for the info on how, same as above.

As far as I can tell you can't completely mask your IP with Privoxy, according to this FAQ item on Privoxy's site you can configure Privoxy to use a anonymous proxy to route your info through, that would have the IP of the proxy, not your home PC, show up on any computers you connect to. That item mentions that most of the well known anonymous proxies will log your IP and provide it to authorities if you commit a crime, but with all the virii and worms nowadays that install open proxies on compromised PCs, with a little work you could find some of those and run Privoxy through them. That would make it look like the person who owned the comprised PC was the originator of all the traffic from your machine, and could be a defense.

I doubt I would qualify as an expert witness (although I do IT work for a living and do concentrate a lot on security) but an IP address alone doesn't mean much for people who connect through an ISP. Accounts can be stolen (the ISP account that is), machines compromised by virii, worms and trojans that install open proxies, or leave the machine open to further compromise that does install them, even spyware and malware can leave a system in a state where it's nearly impossible to say if the network traffic really originated from the owner of the PC. Convincing the court of this will need someone with the proper credentials though, all I can do is point you to info I know about and/or can find that you ask about. I am really good at finding info online though. :)

I really do hope this info helps. :)

Kye Lewis said...

I think the case sounds pretty shady from the defendant's side, but, yes, it is up to the RIAA to prove the file sharing.

I wasn't pleased to see some of the comments made by the defence in the Response to motion to dismiss counterclaims though- saying that the plantiff should lose their rights because the data wasn't further secured? That's stupid, it goes against what someone looking for an open system of music should be fighting for. But alas.

Poster above who talked about spoofing IP addresses and MAC addresses- if the RIAA has your IP address, then it should be your responsbility. I can't just choose an IP address at random and spoof it across the world, ISPs aren't stupid, and neither is their equipment configuration. The only way to do said 'spoofing' is indeed with a proxy (it isn't really spoofing); but if the RIAA has the defendant's IP address, and Cox confirms that the IP address was in use by this customer at this time, then it was definately their account. What the RIAA have a harder time proving, perhaps, is that it was her "box" or even her residence on which the alleged copyright infringement occured.

Jonathan said...

if the RIAA has your IP address, then it should be your responsbility.

Again, this assumes that the RIAA is making claims in good faith. As the recent Sony rootkit fiasco indicates, this may not be the case. It would seem RIAA constituent companies feel they don't have to follow the rules, and if randomly generating IP addresses to sue is good for PR (and their pocketbooks), then I wouldn't be too sure they wouldn't do it.

Anonymous said...

Poster above who talked about spoofing IP addresses and MAC addresses- if the RIAA has your IP address, then it should be your responsbility.

Think about this for a minute, it's not always true. If your computer gets compromised by a zero-day exploit for which there is no patch and you are unaware of it, how can you realistically blame them when someone else runs their P2P app through a proxy they (or someone else) set up on the machine? I'm not saying this happens a lot, or hell, even ever, but the fact is it's possible and it calls into question the validity of only using an IP as identifying information. The RIAA needs more than just that IP to prove that it was indeed the person who had the ISP account for that IP at the time doing the sharing.

Think about the above scenario with the zero-day exploit and all that. Let's say it's your PC and you never realized anything was wrong. Suddenly you're named in a lawsuit by the RIAA claiming you shared music you've never even owned or listened to, much less shared. In this scenario the files never resided on the PC in question, they were routed through it, at best bits and pieces of the files will be found in the slack space of the hard drive, but it's unlikely the full song could be found even if the PC was examined right after the file transferred.

Still think that person is legally responsible? Their only crime was stupidity when it comes to computers, and with all the security holes that Windows/IE/Outlook/Outlook Express have it's hard for even the IT people to keep up (hell I know I can't keep up with them all and it's part of my job). I know enough to prevent that scenario from happening, using a NAT Router for my home network, keeping my machines up to date, with anti-virus and things like Spybot Search & Destroy's Teatimer running to watch for modifications. I also don't use Outlook or Outlook Express, try to use Firefox instead of IE when possible and am careful where I go. But my ability to do all that takes an extroidinary amount of knowledge just to know WHAT to do to protect my system. There's no way the vast majority of people have this knowledge and most of the lawsuits we've heard about (where people are fighting back) the people most certainly don't.

The bottom line is that for the purpose of a lawsuit an IP is not absolute, that IP could have served as a proxy for another machine to do the downloading. The RIAA needs more proof than this, and the court needs to understand this.

Anonymous said...

Most Windows-based machines are "not working" afaic. ..but they're still chock full of spyware, adware, virii, illegal content, so boo hoo.

Anonymous said...

You have to remember though, the Plaintiffs are not trying to just sue using only the IP... all they need is to have enough information to go to trial. Then before trial during discovery, they will get the "box" that was at Defendant's house and any other physical evidence they can get. Furthermore, if your account is being used by someone you know to perform illegal tasks, you have a responsibility to stop it, granted you had a reasonable knowledge that something was going on. Of course, it's hard to prove reasonable knowledge, but if Defendant was married to the actual "perp" then it doesn't look good. Of course, the plaintiff has the burden of proof for all this however this case is not a criminal case and the burden of proof is not nearly as high for plaintiffs here. The moral is that if you are not going to use the internet in your house, don't sign the account! Anyway, just remember, all the "facts" and "proof" will be decided at trial (if this case gets there)

GLSmyth said...

Keep in mind that the Sony root kit potentially allows hackers to use the computer as a gateway.

It's funny to hear such comments as, "one should secure their network" when applied to the real world. Sure, I know how to do that and that's all well and good. However, my 75 year old mother would have absolutely no clue as to what I would be talking about.

Anyway, sometimes it's one's choice to allow their network to remain open - I do. If a neighbor of mine has a network that goes down, I'm perfectly fine with them using my bandwidth, just as I'd be fine with giving them a cup of sugar.

Cheers -

george

zi said...

I've been reading a lot of the depositions and what-nots (sorry, I don't know what the legal terms for all these documents are). One BIG question that is unanswered is hot exactly does the RIAA get these IP addresses? it's not like Kazaa or any of these programs show the IP's of anyone you're uploading to or downloading from. This is a question very few people are asking. They are assuming that the RIAA has legitimate IP addresses of downloaders. This is a giant game of poker and we have to call their hand. they are bluffing (as evidenced by the high rate of false accusations: eg. dead grandmas, people that don't own computers, people that use operating systems for which Kazaa doesn't offer a version, like Macs...)

MediaSentry saying that they use "proprietary" tools developed specially for the purpose doesn't cut it. Where the hell is the RIAA getting these IP addresses from? Nothing in these p2p clients show the IP. Only the username.. Unless we're talking about spyware and trojans that the RIAA and their goons are planting on people's computers to spy on them. (ahem.. Sony and their XCP crap being only 1 recent and highly publicized example).

Anonymous said...

MediaSentry saying that they use "proprietary" tools developed specially for the purpose doesn't cut it. Where the hell is the RIAA getting these IP addresses from? Nothing in these p2p clients show the IP. Only the username...

All you have to do is "browse host" in Limewire to see the IP address of the computer holding the audio/video/whatever file...I've used plenty of p2p apps over the years, and most have this ability.

Anonymous said...

Ty Rogers, Ray Beckerman, and Dan Singer.

The lawyers above forgot to add the tagline. Oh yes, we want your money!

Anonymous said...

I think that an unencrypted router ip is much like a neighbors water hose. If it is spilling water out to your property, go ahead and route it to your own lawn if you want. Just don't go turn it on - yourself.

Mike said...

Regardless of guilt or innocence, Thee RIAA $150,000 fine for one track of one CD seems a bit steep. Would you get a $150,000 fine if you stole a 99 cent king size candy bar? I use 99 cents as this is the going price for a audio track. I thought it couldn't get any worse, and I was wrong. I recently read about some sony suit complaining that a picture of a kid dressed as the cookie monster on halloween infringed on the Seasame Street copyright. Todays letters are F and U.

Mike said...
This comment has been removed by a blog administrator.
Mike said...

Oh, forgot. To anyone that says to use WEP encryption (what most people seem to use). It's pretty well known that if someone knows what they're doing, WEP cracking takes as much time as lockpicking. But that doesn't matter, because most people don't even know how to use that crappy excuse for security. They shouldn't be held liable for fraudulent use. If someone steals a gun and robs a bank, the gun owner didn't commit a crime, the thief did. No one comes at the guy who had his pistol stolen as he didn't break any law. By the same logic a carjacking victim could be sued by whoever the attacker ran into (or over).

Anonymous said...

Thats what WPA is for

Anonymous said...

The problem with what is going on is that the court system allows one party to sue another for anything. As long as I could afford to do so, I could sue my neighbor for having a bigger house than me. The problem my neighbor runs into is that the court system will not simply drop the case by itself, he is going to have to find a lawyer and file to have to case thrown out. What the RIAA is doing is just sueing everyone using their IP alone, and counting on the fact that most of the people were trading music and cant afford what will happen if they fight it and lose. So what happens is everyone just gives in because they do not have the time and money that the RIAA can afford to put into the fight.

zi said...

All you have to do is "browse host" in Limewire to see the IP address of the computer holding the audio/video/whatever file...I've used plenty of p2p apps over the years, and most have this ability.

most of these cases are dealing with Kazaa, or Grokster, not LimeWire. I use BitTorrent clients and IP addresses of peers are out in the open. I now have Kazaa installed on a test machine (note to others: DO NOT EVER do this to a machine you intend to keep in nice working order). Kazaa does not show IP addresses.

I still don't have an answer as to where MediaSentry is getting these IP's, Apparently, no one does.

Anonymous said...

I still don't have an answer as to where MediaSentry is getting these IP's, Apparently, no one does.

Just because kazaa doesn't show them, doesn't mean an auxiliary program running alongside kazaa, or even a simple bit of added code to kazaa, can't. The fact Limewire (and I'm pretty sure Ares & Shareazaa) can show IP's clearly indicates it's not a difficult thing to obtain.

Anonymous said...

I wonder if the 'proprietary software' being use is 'legal' or a honeypot version of kazaa that is modified to snag IP addresses, etc when people download from it. If so, wouldn't that be entrapment on the part of RIAA?

Anonymous said...

ok how to find someones ip whe you download from them this is fairly easy and anyone could do it. open a msdos prompt (start -> run -> cmd) type netstat you will get a list of all your current connections. start a download. type netstat again. the extra ip(s) are the ips of the client you are downloading from.

media sentry i believe uses a different approach by conencting a bot to the kazaa network they harvest search results on popular files, which (invisible to the user) also return an ip address so that a connection can be made if you choose to download something. This gives them a list of ips sharing a file which matches the search criteria.

Chuck said...

It seems that many of the comments here concern unauthorized usage of a wireless connection (via someone's wireless home network).
As suggested by other commentors, securing your network is an excellent idea and the way to go. However, an unsecured wireless signal is NOT just up for grabs. While you are allowed to recieve an open, unencrypted signal, you are not necessarily allowed to make use of that signal for two way communication. In other words, while you are allowed to recieve signals like police radio communications, you are not allowed to "talk back" to the police. An open, unencrypted wireless home network signal is considered to be similar. Those who do make use of the open signal for two way communication (without prior authorization) are subject to charges of unauthorized use (of a computer or network), theft of services, and computer trespass should they be caught using that signal.

kargandarr said...

Just because kazaa doesn't show them, doesn't mean an auxiliary program running alongside kazaa, or even a simple bit of added code to kazaa, can't. The fact Limewire (and I'm pretty sure Ares & Shareazaa) can show IP's clearly indicates it's not a difficult thing to obtain.

in response to this posti know for a fact that shareaza does show ip addresses in the search screens

Amroth said...

What I think the RIAA does is seach Kazaa for popular songs. When the find one they see if they can download it. While they're downloading it they run an aux program that tells them what IP address they are connected to. Kazaa might not show what IP address your downloading from, but an aux program could be programmed to find out.

Next time you're running P2P software, go to Start|Run and then type in command. Then type in netstat. You'll see a list of every computer connected to you. From there it's not hard to find an IP address.

bionic5678 said...

Concealing IP address is easy enough. check out tor.eff.org. Use that in combination with privoxy, turn off active x, java, javascript and flash... poof, you have an anonymous connection that is not traceable.

Note, while Tor CAN be used for all sorts of things besides just browsers and has been used for p2p apps, users will find that downloading through Tor takes longer. A small price to pay for the anonymity.

Also, setting up a Tor server is easy and allows people to contribute bandwidth to the Tor network and improve its performancee and anonymity. (the more servers, the better it works)