In Capitol Records v. Thomas, Jammie Thomas has filed the expert witness report of her expert, Professor Yongdae Kim of the Department of Computer Science of the University of Minnesota.
Professor Kim concluded that MediaSentry's methods are untrustworthy:
MediaSentry claims to have much experience in identifying individual committing copyright infringement. However, they insist that their methods are proprietary and thus cannot be subject to scrutiny by an impartial third party. No academic studies exist of their internal investigative techniques, methods, software, data collection practices, or even employee training in retaining collected data in a way that would allow for it to be used as evidence at a trial. While this report will address specific methodology questions at a later time, it suffices to say for the moment that MediaSentry’s claims of their ability to record activity on the FastTrack network and identity individual computers used to commit copyright infringement are not only unproven, but highly unlikely to be accurate. Combined with the incentive to accuse as many users as possible due to both the supposed deterrent effect on file sharing and the likely per-user compensation scheme that may exist between the Recording Industry Association of America (RIAA) and MediaSentry, their allegations are highly suspect.The report discussed various types of 3rd party attacks to which computers are subject, and noted:
A miscreant wishing to cover his or her tracks on the Internet has many options, the most likely of which is direct exploitation of one or more computers owned by a third party. Those computers can then be used for activity that the malicious party would not want linked to his or her Internet account. The average uninfected “life expectancy” of an Internet-connected computer running the Microsoft Windows XP operating system without any security updates (“patches”) is as low as 4 minutes . Since all Windows XP systems attempt to connect to the Internet immediately upon installation/first boot, and since it requires some time to download all security updates from Microsoft (which, for a newly-installed Windows XP system, can measure in gigabytes, with a typical Internet connection only capable of handling a few megabytes per second), it would not be surprising that any given Internet-connected Windows XP computer be infected with any number of pieces of “malware” (software malicious to the user of the computer on which it is installed).Commenting on Dr. Jacobson's report, Dr. Kim stated:
Dr. Jacobson’s expert witness and supplemental reports contain multiple factual errors and mis-statements of fact regarding the technologies relevant tothis case, and show evidence of faulty logic in making conclusions. Dr. Jacobson not only does not consider any alternative explanations for the log data provided by MediaSentry other than what is alleged by the plaintiff, but also fails to definitively bridge the gap between the evidence presented by MediaSentry and the identity of the computer used in the alleged infringement.Dr. Kim attacked the "postal system" and other analogies employed by Dr. Jacobson as "simply false":
Dr. Jacobson draws the dubious analogy between the postal system and the Internet. This analogy is not only flawed in several respects, but provides the illusion of intuitive understanding of Internet technologies that is simply false. If we were to use that analogy, we must first assume that all letters travel in fully transparent envelopes. Second, that there are several postal stations between source and destination, and the postmaster at each station can re-write the letter in any way without being detected.4 Furthermore, the postmaster at any intermediate location the letter visits would be able to write a new letter from scratch and send it to a destination, faking the return address. All letters in response to the forged letter would be intercepted by our malicious postmaster, while the person on the other side of the exchange believes themselves to be corresponding with a person at another address altogether. This is called the “man-in-the-middle” (MITM) attack. This report has already mentioned the possibility that such an attack was carried out.
The analogy between networks and zip codes is also lacking, since it does not convey the ability of malicious postal operators to steal a chosen zip code and redirect all mail bound for addresses contained within it, nor does it allow for the potentially malicious movement of addresses between zip codes. Finally, it does not allow for the outright creation of zip codes, complete with fictitious addresses. All these events are difficult to detect and even more difficult to prevent.
The purpose of the above description is not to confuse anyone, but rather to show that the analogy Dr. Jacobson provided is dangerous in the sense that it conveys a great simplicity and determinism to the way the Internet works. This is not the case, and so we must drop this analogy altogether lest it affects our thinking about the actual technologies involved in this case. Therefore, let us drop the faulty analogy and move on.
Expert Witness Report of Prof. Yongdae Kim
Commentary & discussion:
Keywords: lawyer digital copyright law online internet law legal download upload peer to peer p2p file sharing filesharing music movies indie independent label freeculture creative commons pop/rock artists riaa independent mp3 cd favorite songs intellectual property portable music player