Tuesday, May 12, 2009

Defendants move for summary judgment dismissing Andersen v. Atlantic Recording class action

In the Oregon class action against the RIAA, MediaSentry, the record companies, and Settlement Support Center, Andersen v. Atlantic Recording, the defendants have moved for summary judgment dismissing the complaint, replacing their previous motion for "judgment on the pleadings".

Statement of Material Facts in Support of Defendants' Motion for Summary Judgment
Memorandum of Law
Jacobson Declaration
Connelly Declaration

Commentary & discussion:

p2pnet.net



Keywords: lawyer digital copyright law online internet law legal download upload peer to peer p2p file sharing filesharing music movies indie independent label freeculture creative commons pop/rock artists riaa independent mp3 cd favorite songs intellectual property portable music player

19 comments:

Anonymous said...

In reference to the Connelly declaration, at what point is there some "proprietary and trade secret" information being used? I just skimmed through it and didn't see any mention of these highly secretive methods that MediaSenty uses.

This then makes me wonder who can I call liar? The group who claims their methods are a trade secret or the group (like this Connelly fella) who just does what any other file-sharer would do?

I mean, one of them has to be lying? Or did I read something into this?

Ray Beckerman said...

Comment deleted for violation of comment policy #2.

Anonymous said...

What ever happened to the Hartwich declarations that claim accessing the hard drive of the computer that was connected to by Media Sentry. What ever happened to the claim that Media Sentry downloaded a sample of the available files, now they download all the files. What kind of server do they have that can down load 1200 songs in a few seconds? there are some serious questions to be asked.

Ray Beckerman said...

There should be depositions of these characters BEFORE the summary judgment motion practice.

Alter_Fritz said...

Hm, do we finaly have Douglas J.'s botty?

He is swearing things about MediaSentry ("MediaSentry has this, does that, ect.")

But he had sworn before that he has no personal knowledge what MediaSentry does, and that he is not involved in the stuff MS does.

Now in this declaration he swears under penalty stuff as if he has personal knowledge non the less.
Nowhere is there a hint that it is just hearsay belief of a guy whose modus operandi towards the issues at hand is allegedly "borderline to incompetence"!

Anonymous said...

If memory serves me correctly, didn't Media Sentry find some embarrassing content on one of the computers it hacked, and didn't the RIAA try to use that content to attempt to shame the owner into a settlement?

Anonymous said...

Pay close note to the Jacobsen declaration.

Paragraph 30 asserts that p-2-p software (was it theirs only, or all software?) ignores network address translation. If that's the case, then one of two things should be true.

1. Nearly every IP address captured by MediaSentry/SafeNet should be in the range 192.168.*.*. If that is the case, there is no way they should be able to identify any single computer. That range is designated for private addressing, and is repeated by just about every consumer-grade router, DSL modem, and cable modem I've ever heard of. If this is true, then they have precisely zero evidence.

2. Douglas Jacobsen has no idea what he's talking about.

After studying his declaration, I tend to option two.

-Quiet Lurker

Anonymous said...

Did anyone else laugh out loud at item 10 in the Connelly Declaration? Not only does it directly contradict what is stated previously (in item 4), its an outright lie. Item 4 has the statement: "With the installation of the software, the user creates a “shared” folder on his or her computer in which to store the files that the user downloads from the service, which are then available for copying by other user." Remember that part, (copying by other user)

Now, all of sudden in item 10, “…MediaSentry simply requested a copy of these eleven files. The computer on which the files were located then responded by making a copy of each of the eleven digital audio files and transmitting those copies to MediaSentry."

Really? The computer receiving a request for a file which it allegedly already has a complete copy of makes another complete copy of that file and then sends that copy to the requestor? Since when? The copy that MediaSentry made was made by MediaSentry, not by the computer from which they requested.

Sp, is this another example of someone misstating a fact on behalf of the RIAA or can we call it an outright lie?

Marsvenge

Anonymous said...

Upon further consideration, Connelly's lie would seem to be a positive. The most plausible reason for Connelly's lie is that the recording industry has read, understood, and is in fear that Patry's views on this matter will ultimately prevail, that is, it is the downloader (the one requesting and making the copy) that may be directly liable (the primary infringement) and that the person behind the computer with the complete version allowing the downloader to make the copy is at worst maybe secondarily liable (contributory infringement, not direct). Since MediaSentry was an authorized agent of the recording industry at the time they (MediaSentry) made the copy, the person they are suing isn't liable. After all, it's MediaSentry that would be the direct infringer (since they made the copy). Connelly's lie tries to pass the buck.

It seems to be taken for granted by both sides that since this is the most reasonable and rational application of the law as it is currently written to the technology (as it exists today) it will be some time before it acutally is applied that way (if ever). The recording industry obviously saw a window of opportunity where the judges may or may not understand the law but have acknowledged that they do not understand the technology. Connelly's lie seems to be an effort to take advantage of this window of opportunity for the recording industry before it closes.

Marsvenge

Michael Donnelly said...

So is this a motion for dismissal or summary judgment? I'm no lawyer, but I have a basic understanding of procedure and I don't think you can have summary judgment without discovery first. If it's a motion to dismiss, that's a whole 'nother matter.

I'm with Ray, let's get some depos of these clowns.

Anonymous said...

Probably cause is only created by the illegal unlicensed investigation, months before any suit is filed.

Anonymous said...

Quiet Lurker:

What makes you think MediaSentry would have captured predominately subnet addresses? On the internet, the packets certainly travel to and from a public IP, not a 192.168.* address.

One could hypothesize about what percent of file sharers in the US are behind routers or using NAT or something. Do you have any data on that? And you'd still need to explain where in the packet the private IP is hiding.

XYZZY

Anonymous said...

Michael Donnelly:

This is a motion for summary judgement. If summary judgment is granted, the case is over. Generally speaking, it is possible for summary judgment to be obtained before discovery. I don't expect that to happen here.

XYZZY

Anonymous said...

xyzzy -

What makes you think MediaSentry would have captured predominately subnet addresses? On the internet, the packets certainly travel to and from a public IP, not a 192.168.* address.

Jacobson states in par. 30 of his declaration that peer to peer software disregards network address translation. Therefore, according to his testimony, MediaSentry should be getting 192.168.* addresses.

One could hypothesize about what percent of file sharers in the US are behind routers or using NAT or something. Do you have any data on that? And you'd still need to explain where in the packet the private IP is hiding.

The only response to that that I can offer is my own experience and research, which I repeat here verbatim: That range is designated for private addressing, and is repeated by just about every consumer-grade router, DSL modem, and cable modem I've ever heard of. - thinks a moment -

No, there are DSL and cable modems that have exactly one upstream side (meaning pointing to the internet) and one downstream (meaning pointing to the computer). Those don't assign more than one IP address, and that only for routing purposes. A lack of a host IP would likely cause issues at the transport/link layer.

I have no knowledge of how many file sharers are or are not behind routers/dsl modems/other. However, if they are, and they are on the net, then their computer will appear to have an address not in 192.168.*.

I can also state with some confidence that the 'hidden' IP address would not appear in the packet, even UDP. That information would be (would have to be) internal to the router, maintained in the routing table.

-Quiet Lurker

Alter_Fritz said...

I can also state with some confidence that the 'hidden' IP address would not appear in the packet, even UDP. That information would be (would have to be) internal to the router, maintained in the routing table.
-Quiet Lurker
But please take note that "Borderliner Doug" Jacobson has in prior cases claimed that there is a "x-kazza IP" information in those packets transported by the kazza application. and that he is because of that information for example able to identify that no NATing (wifi)router was used! [OK, we ignore for the sake of his argument that any innocent people framing pirate is of course unable to use some other ranges then those for private networks on the "internal side" that he claims that would be the IP that shows in those x-kazza IP packets!]

OK, I admit I don't understand how his now reasoning is in accordance with his prior claims in other cases since I was thinking the same about the 192.168.n.n that would show up in those additional metadata he claims that kazza sends in its packets.
Maybe we need to ask Prof. Pouwelse or some other real expert what Dr. J. might wanted to say with para. 30 here or about this prior claim regarding kazza packets by our privacy violating "expert" Mr. J.?

(Oh, on a sidenote, I just thought about it since I have not looked back this time; was in Andersen even kazza used or was it some other application?)

Anonymous said...

Alter_Fritz, Quiet Lurker:

Of course different KaZaA clients behave differently, and many people use special settings on their routers, like DMZ settings, that are not so simple as NAT. Others (not many, probably) run torrent over Tor or DMZs. Some cable and DSL modems can be configured either to route, or else to pass their IP along to the computer behind them. College students often have real IP addresses.

While you might find a few trends regarding private network IPs, there are certainly no hard and fast rules.

Any time the RIAA claims otherwise, they're probably intentionally vague or simply wrong.

XYZZY

Anonymous said...

right, I know you're more used to legalese.

NAT works because IP adresses have 65535 available ports to form a connection on. When you make a connection to a website, your computer makes a connection to port 80. For a secure website it is port 443. This is the destination of the connection, but in order to receive replys the website has to be able to send them. This is done from another higher unassigned port. and is also why there are so many.

NAT boxes hack the return address on the way out so the return call comes to the public IP address of the NAT box. Otherwise it couldn't operate. Knowing the return addresses it has hacked, it can re-route expected incoming mail to the appropriate interfaces.

BitTorrent trackers and other filesharing software keep a list of IP addresses and ports advertising through the tracker/service that they have some content to share. These *have* to be the public IP addresses, otherwise people won't be able to connect to you. Of course poorly configured clients are far from unknown, so they're unreliable and may indeed contain private addresses. In fact hacker chat has frequently joked about inserting IP addresses belonging to public officials passing/supporting stupid unworkable laws into the tracker. It'd be like arresting someone because their phone number was written on a toilet wall. Just because it is their phone number is no evidence that they wrote it on the wall.

However, as you know it is good enough for the RIAA and the American legal system.

It would just look like a poorly configured client, which means a young / stupid user possible without much money. Prime target anyone?

In sumation, for proper operation, your file-sharing software needs to have your public IP and be able to accept some kind of incoming connection made to that public IP in order to be configured correctly and work according to specification.

MediaSentry's evidence seems to be based from screenshots showing the list of IP addresses advertising that they have a server with the stuff your looking for.

When they realised that was toilet wall evidence, they started downloading the entire file from a single source to "prove" that the IP address was serving up the file.

A pretty thing about NAT boxes is that they are capable of forwarding incoming or outgoing traffic to anywhere, on or off the network.

I'll give you a real world mail example that works. I find your name and an address that claims to offer free movies on a toilet wall. I write off, and Mr Free Movies writes back. From the fact I get a reply I can tell that I have an address for Mr Free Movies that works. I cannot tell if Mr Free Movies is the homeowner from the reply. I can't tell if Mr Free Movies even knows the home owner. I don't know how many times my original mail was forwarded before it got to Mr Free Movies.

According to RIAA logic, if I get snail mail forwarding from some company, and use that to make available copies of infringing works to those who request infringing works, then the person liable is the person with the advertised address. i.e. the forwarding company.

If your doing something like that in the real world, you're probably smart enough to obscure your public address for this service with a forwarding address.

If you've ever encounter a "Please look at this advert while we pause for thirty seconds before forwarding you to the page you actually wanted to see" type page, you may realise that forwarding is a large part of how the internet works and is intrinsic to its structure.

Anonymous said...

Its not a highly secretive method. It just involved hacking the file-sharing client so instead of downloading from any available source it only downloads from one. thus is it possible to establish that you're getting the entirety of the file from one advertised IP address.

Anonymous said...

In addendum to the above, it is also becoming incresingly common for DSL routers which have the processing power to do NAT to be recruited into botnets. If the router exists, it could have been compromised, especially if maintained by no-one. Who do you know that updates the firmware on these things?

Anyway, I felt I should mention this as it may well turn out to be a very important source of plausible deniability. If someone has an open wireless connection, then it is obvious that the download could have been done by anyone in range.

However if the router box could have been compromised, and any router box could have been compromised unless it has had a permanant IT security staff checking the logs, then there is no guarantee that the advertised content made available was made available from the site where the router box (and it's corresponding public IP) is located.

Also if the users computer is capable of being compromised, there is no guarantee that some nefarious Mr X hasn't downloaded infringing material without the users consent.


I mean, if Sony can install a rootkit without the users knowledge to protect their intellectual property, in a manner that later turned out to be illegal, despite the assurances they were given by the security team they bought the kit from. Maybe a clients computer could have been compromised by someone else, and the files planted. Or even cached for later download by our nefarious Mr X.

I mean, if you look at the numbers of computers refered to by the security community as zombies in a botnet, run by some shady botherder somewhere in cyberspace, then you find a scenario where it is possible, maybe even reasonable to ask the RIAA to prove that the files they have requested by court order and found were actually placed there by your client and not someone who has compromised the notoriously lax security in the most common operating system of the day.

I post as Anonymous about this, because I have no standing to be called a reference anyway. google is your friend, but not your only friend. Find your own references.