Tuesday, March 03, 2009

Expert witness report attacking MediaSentry and refuting RIAA's expert is served by defendant in Capitol Records v. Thomas

In Capitol Records v. Thomas, Jammie Thomas has filed the expert witness report of her expert, Professor Yongdae Kim of the Department of Computer Science of the University of Minnesota.

Professor Kim concluded that MediaSentry's methods are untrustworthy:

MediaSentry claims to have much experience in identifying individual committing copyright infringement. However, they insist that their methods are proprietary and thus cannot be subject to scrutiny by an impartial third party. No academic studies exist of their internal investigative techniques, methods, software, data collection practices, or even employee training in retaining collected data in a way that would allow for it to be used as evidence at a trial. While this report will address specific methodology questions at a later time, it suffices to say for the moment that MediaSentry’s claims of their ability to record activity on the FastTrack network and identity individual computers used to commit copyright infringement are not only unproven, but highly unlikely to be accurate. Combined with the incentive to accuse as many users as possible due to both the supposed deterrent effect on file sharing and the likely per-user compensation scheme that may exist between the Recording Industry Association of America (RIAA) and MediaSentry, their allegations are highly suspect.
The report discussed various types of 3rd party attacks to which computers are subject, and noted:
A miscreant wishing to cover his or her tracks on the Internet has many options, the most likely of which is direct exploitation of one or more computers owned by a third party. Those computers can then be used for activity that the malicious party would not want linked to his or her Internet account. The average uninfected “life expectancy” of an Internet-connected computer running the Microsoft Windows XP operating system without any security updates (“patches”) is as low as 4 minutes [15]. Since all Windows XP systems attempt to connect to the Internet immediately upon installation/first boot, and since it requires some time to download all security updates from Microsoft (which, for a newly-installed Windows XP system, can measure in gigabytes, with a typical Internet connection only capable of handling a few megabytes per second), it would not be surprising that any given Internet-connected Windows XP computer be infected with any number of pieces of “malware” (software malicious to the user of the computer on which it is installed).
Commenting on Dr. Jacobson's report, Dr. Kim stated:
Dr. Jacobson’s expert witness and supplemental reports contain multiple factual errors and mis-statements of fact regarding the technologies relevant tothis case, and show evidence of faulty logic in making conclusions. Dr. Jacobson not only does not consider any alternative explanations for the log data provided by MediaSentry other than what is alleged by the plaintiff, but also fails to definitively bridge the gap between the evidence presented by MediaSentry and the identity of the computer used in the alleged infringement.
Dr. Kim attacked the "postal system" and other analogies employed by Dr. Jacobson as "simply false":
Dr. Jacobson draws the dubious analogy between the postal system and the Internet. This analogy is not only flawed in several respects, but provides the illusion of intuitive understanding of Internet technologies that is simply false. If we were to use that analogy, we must first assume that all letters travel in fully transparent envelopes. Second, that there are several postal stations between source and destination, and the postmaster at each station can re-write the letter in any way without being detected.4 Furthermore, the postmaster at any intermediate location the letter visits would be able to write a new letter from scratch and send it to a destination, faking the return address. All letters in response to the forged letter would be intercepted by our malicious postmaster, while the person on the other side of the exchange believes themselves to be corresponding with a person at another address altogether. This is called the “man-in-the-middle” (MITM) attack. This report has already mentioned the possibility that such an attack was carried out.

The analogy between networks and zip codes is also lacking, since it does not convey the ability of malicious postal operators to steal a chosen zip code and redirect all mail bound for addresses contained within it, nor does it allow for the potentially malicious movement of addresses between zip codes. Finally, it does not allow for the outright creation of zip codes, complete with fictitious addresses. All these events are difficult to detect and even more difficult to prevent.

The purpose of the above description is not to confuse anyone, but rather to show that the analogy Dr. Jacobson provided is dangerous in the sense that it conveys a great simplicity and determinism to the way the Internet works. This is not the case, and so we must drop this analogy altogether lest it affects our thinking about the actual technologies involved in this case. Therefore, let us drop the faulty analogy and move on.


Expert Witness Report of Prof. Yongdae Kim

Commentary & discussion:

Slashdot
p2pnet.net
Blown to Bits
Ars Technica




Keywords: lawyer digital copyright law online internet law legal download upload peer to peer p2p file sharing filesharing music movies indie independent label freeculture creative commons pop/rock artists riaa independent mp3 cd favorite songs intellectual property portable music player

5 comments:

D. C. said...

So far no mention of the "D" word: Daubert. There's one that's likely to get ugly looks in some quarters.

Alter_Fritz said...

D.C.
this expert is not a lawyer!
It would be outside his expertise field to claim that the plaintiffs "expert" does not meet in the slightest the Daubert standards.

Prof. Kim's expertise is there to show the flaws and nonsense that this "expert" Jacobson produced for plaintiffs.

And Prof. Kim did that one in easy to understand words.

It's for the presiding judge to say that Jacobson is a "joke", not qualified to give expert testimony and that he fails Daubert. (and i guess of course it is the defendant's lawyer's job to attack such nonsense "experts" and to object to the introduction of so called "evidence" that is nothing more than by hand manipulated screenshots!)
Every malicious plaintiff can create such screenshots.
These days you must not even pay tens of thousands of dollars to criminal statute violating guys like MediaSentry for that.
There are public websites that allows anyone to create "evidence"(*) that is the same like the ones plaintiffs use before your courts.

So given Prof. Kim's report here, any impartial judge certainly should come to the conclusion that Jacobson's expert testimony is "a joke".


(*) http://www.piratbyran.org/bevismaskinen/
(just enter the values and the p2p application you want an evidence screenshot from and you can "proof" what ever pleases you when you have judges that accept screenshots as evidence)

T2 said...

Well written and factually accurate. I had also read the original Jacobson report. In comparing the two documents, the Jacobson report is to the Kim report as a free computer skills class at Best Buy is to a Stanford University computer science class (my alma mater and where I taught as a grad student prior to joining/co-founding a series of Silicon Valley companies):

- the former is oversimplistic, glosses over key refinements, and does so with a bias that favors the plaintiff; if he was hired by Da Vinci to describe a Mondrian, he'd have called it "a bunch of colored squares" (a true statement but hardly fair art criticism).

- the latter requires more technical depth to understand but presents the issue/technology at hand with attention to the crucial details which raise valid doubts on the plaintiff's claims; if the same painting style was described, it'd read like "a geometric art form that deviates from exact representation and may not appeal to all."

The RIAA's legal tactics have turned off many lawyers like Ray, who perceive them as abusive of the legal system. The technical merits (or lack thereof) of MediaSentry's investigation are equally unsettling to computer experts. The attempt to implicate investors in startups that possibly tread on the uncharted waters of copyright law is unsettling to business investors. The fear tactics (and plain annoying moves like "educational ads" before movies at the theater) are increasingly a turn off for consumers.

One might conclude that the RIAA seems to have as its prime intent to destroy the very industry it represents, while enriching the pockets of its law firm. I sincerely support the music industry, even the EMIs and the other big guys who are now letting the RIAA run amock; because, back in the day when distribution was tough, they took big risks, and nurtured wonderful artists whose music stamped memories of my youth. So I am saddened to see them taken for a ride by the RIAA and its law firm who are doing a marvelous job conning them out of their money, which would be best invested in innovation and adaptation to changing technology.

Anonymous said...

T2 said:

The RIAA's legal tactics have turned off many lawyers like Ray, who perceive them as abusive of the legal system.

This man concludes that the legal system must like being abused in this manner because it permits it to continue long after it has ceased being amusing.

if he was hired by Da Vinci to describe a Mondrian, he'd have called it "a bunch of colored squares

A wonderful analogy. Have you copyrighted it?

{The Common Man Speaking}

Anonymous said...

Although I fully support the analysis and conclusions of the report,I am afraid that this report will be more valuable in futre cases than it will be in this one.

It presents many alternatives to explain why the 'individual' may not be correct. It does not, however, prove that the RIAA's explanation is unreasonable. As an experts report, I understand it is not the experts responsibility but it is up to the defendent to provide evidence that one of those alternatives could reasonably explain why the defendent is not the 'individual' at fault.

The RIAA has provided a weak but understandable set of facts that they present as proof that the defendent is the 'individual'. Absent some set of facts to support one of the alternatives in this report, the RIAA has the only explination on the table.

Flashman