Thursday, July 17, 2008

Collection of testimony about not being able to 'detect an individual'

As most readers know, the RIAA has been fond of telling judges that their investigator "detected an individual", which was directly contradicted by the deposition testimony of its expert witness, Dr. Doug Jacobson, at his February 23, 2007, deposition in UMG v. Lindor.

I've prepared a collection of some excerpts from that deposition on that point:

Jacobson on Not Being Able to Detect Individuals

The full transcript of Dr. Jacobson's deposition is here.

Keywords: digital copyright law online internet law legal download upload peer to peer p2p file sharing filesharing music movies indie independent label freeculture creative commons pop/rock artists riaa independent mp3 cd favorite songs intellectual property


Lior said...

Mr. Beckerman: I think you should be careful when using this deposition, since your questions display a small misunderstanding about what MAC addresses, devices, and identification, mean in this context.

First, MAC addresses describe physical devices connected to a local network. Each network card has a MAC address. The typical client connects his local network to the ISP by modem (dial-up, ADSL or cable), via a gateway device (this could be one of his computers, a dedicated computer, a router, or even a router in the same box as the modem). In the broadband setting the ISP probably knowns which cable modem was there, and by probing the cable modem might have been able to tell the MAC address of the gateway device, but I doubt that they do that in practice. On dial-up they can't even do that.

IP addresses are logical, and describe devices in a larger network. The IP address doesn't describe a unique MAC address even if it always describes the same computer. For example, I could replace the ethernet card on my computer but still have the same IP address assigned by the ISP.

Thus Mr. Jacobson is justifiably confused on the top of page 59, and correct when he says that you can't identify the MAC address on p. 60 line 16. There is simply no way for Mr. Jacobson (even with ISP data but without logs from the suspected computer) to tell which device it was that was connected to the internet at the IP address.

Secondly, you were right in stating that since the gateway device (whose IP is the one known to the ISP) can be distinct from the client computer, the known IP address doesn't by itself identify any particular computer -- if a gateway was in fact used. Mr. Jacobson is also right when he says (p. 59 l. 18) that analysis of the outgoing traffic can sometimes identify what's hiding behind a NAT, so in theory it might be possible to "lift the veil". However, he didn't do such analysis, and in fact couldn't: since he didn't see all the traffic (only Kazaa traffic between him and the NAT) he has no way to telling how many devices were hiding there or which is the one that was the source of the communication.

StephenH said...

This is powerful evidence! It clearly shows that RIAA's own expert does not have enough forensic evidence to identify who is really in front of the computer, or who is behind the private side of a router or wireless access point. They only identify the person paying the bill at best.

Anonymous said...


In your fourth paragraph, you outline exactly what I think Ray is trying to do and that is show how wrong and confused Mr. Jacobson's testimony is. (Don't mean to put words in Ray's mouth if I'm wrong)

dts said...

It's also effective evidence because it clearly contradicts what the RIAA has been happily repeating over and over where they see fit. Once the contradiction is brought up, it should at least throw doubt upon their statements and make way for proper explanation and revelation of their so-called methodology -- not something the RIAA is going to like.

Anonymous said...

The RIAA cannot, without being in the room or activating a web-cam connected to the computer, identify who is sitting in front of it performing filesharing. In fact, since once started filesharing is an automatic act by the P2P programs involved, it's not as though the typical user gives their direct consent to each file upload. Therefore they have never "identified an individual" unless they manage to identify the exact computer in use at the time and a person swears that no one other than themselves has ever used that computer.

With an IP address and a timestamp the RIAA cannot with certainty identify the actual computer used in any alleged filesharing. Through the use of NAT (a technology you must be quite familiar with by now) a single IP address out on the Internet at large can literally represent hundreds or more computers residing behind one or multiple layers of NAT. NAT is a wonderful solution to the scarcity of true IP addresses under IPv4, and generally works seamlessly to the user. Even if the RIAA forensic experts find infringing files on a suspect computer that is no proof that this was the computer sharing the files. In the same way they "image" a hard disc drive to inspect its contents, that same hard drive image could exist on hundreds of other computers. In short, the RIAA cannot identify the actual infringing computer, let alone the user operating it at the time.

Of course this does not stop them from their claims of identifying an individual engaged in copyright infringement based on their IP information, a clock that may, or may not, be accurate, and screen shots.

Then what is left? All the RIAA has shown so far is an ability to *possibly* detect the ISP account holder and fraudulently claim that they either are the filesharer they seek, or know who the filesharer is, and are at least guilty of contributory copyright infringement. This identification is problematical for a variety of reasons:

First the ISP account holder may not even use a computer him or herself. If so, there are no grounds at all for suing them except to extort their cooperation in a manner that should be illegal in any civilized society.

Secondly they may have an unsecured WiFi router in their house allowing others to piggyback off of their connection without their knowledge. (Note: very few WiFi routers are truly secure, and even then only when setup properly, which is beyond the expertise of the average home user who hopes to just plug it in and have it work.)

Thirdly someone may be stealing their service by a method such as setting up another cable modem with the same MAC address on the shared cable loop and using it when the normal user is at work or asleep. This is most easily accomplished on cable systems and college networks, as compared to DSL lines which are more point-to-point connections and would require tapping the actual telephone line.

Fourthly the RIAA has desperately tried to cover-up the ugly truth that they have sent out many demands for account holder information while providing IP addresses and timestamps that do not map to any known user at the time. While it is not a problem when an IP/TS combination clearly maps to no known user, sometimes with IP addresses that have never been officially assigned by their owner (Note: Media Defender and possibly other organizations make use of unassigned IP addresses in attempts to get around Block Lists), it becomes a real problem if this misidentification points to another valid *wrong* account holder. In a serious case all entities such Media Defender (not Media Sentry) should be subpoenaed as possible culprits in spoofing your client's IP address and forced to divulge any tactics they have employed that might have incriminated your client.

Conclusion: Not only cannot the RIAA identify any specific individual as the filesharer they seek to sue, nor can they reliably even identify the infringing computer (Note: this is why they demand imaging every computer that was ever in the house in question, belying their claim that they properly identified the proper individual), nor can they reliably even identify the ISP account holder in question, leaving it clear that they never had any evidence that the account holder had anything to do with the filesharing in the first place.

The RIAA has no evidence sufficient to put another person through the legal wringer and its a national disgrace that so many judges have allowed them to proceed with these cases at all.

{The Common Man Speaking}

hsm said...

Is there a procedure to put this and other collections of information in front of a judge or judges(given the number of cases involved)? Seems from observation, the reason thus far for bad decisions may simply relate to a lack of technical understanding. Further the fact that RIAA actions in other domains seem 'invisible' must contribute to there ability to 'win' more bad decisions. Would be nice if there was some way to fix this...

recordjackethistorian said...

I think it would be wise not to critique Ray's questioning techniques. He's an expert at it. What would be helpful is for concrete information be made available for his to use when framing his questions. In the case of Hardware addresses and routing questions I think the appropriate RFC is a good thing to look at.

An information packet on the Internet is not a static thing, it gets changed as needed across the Internet. Only its information payload must remain intact. A hardware address is the type of thing that is expendable when need be. An example of the kind of links and information I am talking about is this one:

The RCF (Request for Comments) for "Routing Encapsulation". Sounds complicated but might be a place to start and then what is not understood clearly is where Ray's experts come in. The link above is not the only one. I basically searched for the terms RFC, IP, routing and hardware address.

I have a little knowledge of this subject, enough to know that the "expert" testimony in this case is flawed. I am not expert enough to give authoritative information. I can, however, point in the right directions.

Hardware addresses need only be kept between one router and the next. Each packet has a defined size. It cannot hold all the information about where its been and which route it took. This is a hint about the direction to look.


Alter_Fritz said...

the CMS said

"Therefore they have never "identified an individual" unless they manage to identify the exact computer in use at the time and a person swears that no one other than themselves has ever used that computer."

Even with such a swear they have not!
Millions of peoples out there that probably would swear such a thing have right now their computer operated by a 3rd entity and they have absolutely no clue about that!
RIAA can NEVER EVER identify an individual with the methodology they use, period!