Tuesday, November 08, 2005

Media Sentry Tactics Explained: Full Copy of Deposition Transcript

Deposition of Media Sentry representative in BMG v. Doe explaining Media Sentry 'investigative' technique

(Alternate link)

Canada's Federal Court of Appeal found Media Sentry's 'investigation' to be too unreliable to warrant turning over private information of the "John Doe" defendants:

Decision of Federal Court of Appeal
(Alternate link)


Anonymous said...

(1) Multiple computers can be connected to a router using DHCP or a static lan address.

If DHCP is used then NAT translation has to be used to forward traffic from the outside to the internel network, additionally, connections can only be initiated by the source device, not the outside network. If a static lan IP address is used, then direct port forwarding can be employed to pass traffic from the outside to the internel network, this allows for connections to be initated by either the internel network or the outside network.

The deponent incorrectly stated that NAT(network address translation) had to be used in order for multiple devices to connect to a router.

(2) Deponent: "They have to copy a file into a shared directory in order for it to be available to others on the Internet".

Thats incorrect, kazaa and other p2p apps can automatically scan for media files on a computer and share them, this usually performed in the setup process by default. Therefore sharing of files does not explictly require a user to copy files into a shared directory.

Addtionally in kazaa you can select folders(directories) to share, and kazaa will recursively search that folder and sub-folders for files. The user does not have to explicitly select files.

raybeckerman said...

Thank you for the insight.

Are you involved with EFF's List of Cooperating Techs, by any chance?

Anonymous said...

Ray, thanks for the link on this deposition. It was an excellent read,
and leads me to ponder on why media sentry has not been questioned (in the
U.S.A.) on the validity of all of the evidence that has been brought against all
of the "DOES" and anyone who has been directly sued by the RIAA. The questions
Mr. Scott was asking were very technical and I was afraid that as a lawyer, he
was going over his head. Apparently he has done quite a bit of research. The
anonymous post above brings up some excellent points about the incorrect answers
that Mr. Millin gave.

It's amazing that the RIAA use IP addresses as evidence that a specific individual
(i.e., the internet account owner) downloaded copyright infringing material. I
myself have a wireless network that I thought was secured using "mac filtering",
and did not realize that the range extender I was using to extend the range of
my network was allowing anyone to bypass the mac filter on my network. It wasn't
until 3 months after i hooked up the range extender that I saw the connection logs
showing unauthorized mac addresses connecting to my network. Who knows what could
have been downloaded by unauthorized users in this time frame? And unlike an ISP,
I have no ability to trace the physical connection of a specific local IP address
and mac address (as they could have been neighbors or someone with bad intent
driving around my neighborhood). Other security protocols for wireless networks
are easily circumvented (see the tom's network guide for an article on how easily
WEP keys can be cracked -- http://www.tomsnetworking.com/Sections-article124.php).
There are other ways of protecting wireless networks, but with ISPs handing out
wireless routers for cable and dsl like candy, there is no way that there is
more than a minority of wireless home networks are secured (including my own).

So I guess my problem with all of this is that of responsibility. My wireless
network is very convenient, allowing me to work anywhere in my house with
my laptop or PDA. But with the fear of being sued for hundreds of thousands
of dollars because I (and other home wireless networking users) cannot figure
out or even prevent someone from accessing my home network to download whatever
they'd like, should I have to stop using my wireless network or have to hire
a network administrator to watch over my network like a hawk? I'm sure I'm being
extremely paranoid, but shouldn't I be over that much money?