Sunday, October 28, 2007

Important Discussion on Groklaw: What Documents and Things to Request from MediaSentry

Groklaw has initiated an important discussion of what documents, data, & things should be requested, by defendants' lawyers, from MediaSentry.

Please take a look at the discussion:

"A Lawyer Wishes to Pick Your Brain- Re Media Sentry"

Commentary & discussion:

p2pnet.net
p2pnet.net





Keywords: digital copyright online law legal download upload peer to peer p2p file sharing filesharing music movies indie independent label freeculture creative commons pop/rock artists riaa independent mp3 cd favorite songs





6 comments:

Anonymous said...

You may have seen this first suggestion posted already other places, but I agree that what you need from MediaSentry is an image of the hard drive that actually captured the data as close to that moment of actual evidence collection as possible, and an interview with the technician who performed the invasive, possibly illegal in many states, investigation to find out what his level of knowledge was at the time that the so-called evidence was gathered.

You also need to know what program(s) he was running and - very important - what IP address he was using at that time? The KaZaA user name(s) he identified himself by to download could prove important as well - in addition to what files he was sharing at that time. Was there any spyware/adware on his machine? When did he last run a virus scan, and using what program and virus definition files? Was any of his software stolen, unlicensed, hacked in defiance of the license agreements, or otherwise fraudulent? What files was he specifically looking for that night? How did he ensure that the evidence he gathered didn't come from a multi-sourced download? How was that evidence protected from contamination, mislabeling, or any other damage from then until now? How accurate was the clock on his computer that he created his timestamps from? Who has peer reviewed his data collection methods? What proof is there that this whole thing wasn't just made up by him? How many other people did he scan that night? Why did he report this IP address instead of others? Did he chat with the user at all during the downloads (would indicate if there was someone at the keyboard). What are the exact contents of those chat messages? What parameters was he instructed to search for (file names, total files shared, user names that might match real names)? What known flaws exist in his investigation methods? Could any of those flaws have existed in this case? Has he ever stolen music himself?

That's all I can think of off the top of my head.

Anonymous said...

Ray,

Does Media Sentry have to prove that their data collection methods are accurate because unlike, say, fingerprints, collecting data this way hasn't been around for a century to prove its worth?

Or do you have to prove that their methods are inaccurate, or leave the door open to many forms of tampering and/or error.

OJ Simpson, after all, got off in part because a blood vial taken from him wasn't filled exactly up to the fill line, allowing for the suggestion that some of that blood had been taken and planted in a way to incriminate him.

Ray Beckerman said...

the former

mhoyes62 said...

1st, a screen shot is worthless. It does not have any information that can be proved. You can not play a screen shot. Additionally, the way Kazaa works, the servers would keep a cache of files available, and that cache would not get cleared, so it would often indicate files available at a location that were from previous users of the service.

2nd, You need to get a copy of every file downloaded during the session.

3rd, you need a network log of all traffic in and out of the media sentry network during the session. Even though it says that a file is available on a particular computer and you start a download, there is no guarantee that the file was only received from that source. This means you need every packet received, not just a printout of them.

4th, you need an evidence trace showing the difference in timestamps between the media sentry computers and the ISP at the time of the download.

5th, you need a log of when, and how often the dynamic address was assigned and for how long in the time frame in question and for several hours before and after. Any of the people that were assigned the address could have been on kazaa instead.

6th, a list of all files that were seeded on the kazaa network by Media Safe. It could be that the files indicated are not real copies, but media safe trash copies.

------

The issue is, you need to get their expert to admit that there is no way of really telling what computer was connected, nor what user was on it. Additionally, there are worms and other viruses that used the kazaa network.

michael

Richard said...

I didn’t see anyone else pointing out that the Traceroute failed. If it had been successful, the line above ‘Trace complete.’ Should have read something like
pool-141-155-57-198.ny325.east.verizon.net [141.155.57.198] 48ms Succes

A valid traceroute is crucial to the plaintiffs case. Without it none of the rest of their evidence has any value since there is no evidence that any of it was collected over the Internet from their office near Dayton Ohio to New York City. It could easily have been done within their office with a few PCs that were never connected to the Internet.

If MediaSentry was conducting a valid investigation, they would have abandoned it when the traceroute failed.

pepper said...

"What proof is there that this whole thing wasn't just made up by him?"

Valid question, so how does one know that MediaSentry isn't just making things up as they go along? Who with valid authority is keeping them honest?

The riaa's trail is full of lies and holes...