Friday, December 02, 2005

Patricia Santangelo files Answer, Demands Trial by Jury

Patricia Santangelo, the defendant in Elektra v. Santangelo, in White Plains Federal Court, filed her answer to the RIAA's complaint on Friday, December 2nd.

In it, she demanded a trial by jury.

Her pre-answer motion to dismiss complaint had been denied in a November 28, 2005, order and decision.

Keywords: copyright download upload peer to peer p2p file sharing filesharing music movies indie label freeculture creative commons pop/rock artists riaaradar


Anonymous said...

thanatos has some excellent points. I've tried to explain some of those same issues to others in the past. These days with so many people going wireless with access points in their homes any unsecured wifi network could give anyone access to their broadband connection and with the Wifi access point acting as the gateway that unknown user's IP would appear to a server or another peer as the gateway's IP address. Wardriver's crusing looking for open wifi hotspots are all over.

There was a story a while back in the newspaper of a guy sitting outside someone's home in his car downloading porn on his laptop. His IP would have been the IP of the unsuspecting victims who's internet connection was being secretly hijacked.

Just because an IP address was being logged does not mean it's a valid identifier of the user.

Anonymous said...

thats right, IP changes also, so what is mine today might not be mine tomorrow, or even a few hours from now. . .

Anonymous said...

true, most ISP's use DHCP to "lease" IP's to their users but an ISP's logs should indicate the user who was assigned a specific IP at the specific times in question for the duration of the DHCP lease. But that doesn't necessarily mean the user who was assigned that IP address is the user doing the downloading. The IP could be forged or it could be someone secretly using their neighbors WiFi. When I bootup I can see at least 6 other WiFi access points in my neighborhood from my third floor apartment. If any one of them wasn't secured then anyone else in the area could be secretly using their network.

Anonymous said...

WIFI Security doesn't mean much either. If it were poorly secured, someone could use many of the free tools out there to crack the security, hop onto the network, and do whatever they want.

Anonymous said...

with WEP, i would agree with you, but with a 63 character WPA-PSK, they could be sitting there for days trying to crack it.

also, the only way I could see the RIAA proving that Patricia had any involvement is to the match the CRC hash mark of the file-sharing string to that of the actual file on her computer.
anything less, and the lawyers & law makers both have NO concept of the computer industry or the internet in its basic form, and IMO, aren't doing their job.
but good luck getting that type of information. i don't know any ISPs that record your hash info since it's against federal privacy policies.

Anonymous said...

Perhaps I'm cynical, but I'm sure that the RIAA is fully aware of how unreliable using IP addresses to track people are. If they have the money (and they do) to hire people to track down these IP addresses, surely those people, who presumably have some training in networks and computer science concepts, understand that IP addresses are not reliable identifiers.

Anonymous said...

What a load of waffle.

Starting by saying you're a slashdotter is not the best start to your otherwise eloquent (albeit bloated) final words on this.

Right, where shall I start?

I personally dont believe the RIAA's (et al) behaviour in suing on such little and inconsequential evidence is right, BUT I've got the following things to say about how weak your counter argument is.

Under the terms and conditions of an ISP a person that leases an IP is responsible for the traffic going through it.

Ignorance is not an excuse. If you dont know how to do the following:
a) secure your wireless acess point
b) recognise the applications your children are using to break the law
c) know any basic security measures to stop your PC being "zombied"

... then you basically and genuinly arent fit to have an internet connection.

Here's an extreme but perfectly identical parallel example:

Say I have a box with 50 loaded and ready to go guns. I drop them all around a park and give one to anyone I meet without asking questions. All the guns are registered to me. Some of the people do nothing with the guns but some people decide to commit crimes.

When the police come for me how am I justified in saying its not my fault? I gave the people the means to break the law.

If you're broadcasting your internet connection over a neighbourhood, you're giving people the means. Its your responsibility to keep them from it.

And before you say "oh they can just get someone elses internet" yes, that's true... but if they really want to shoot someone, they will get a gun.

Secondly, you mentioned CRC hashes in the briefest possible way. You forgot (or more likely chose not) to mention that they're the bit that defines what a file actually is. Its made from the structure of the file and is unique(ish) to that file. Its strong evidence, if the RIAA has a comparison file with the same CRC - which I bet they do. They use the filename to see what to compare against, check the CRCs and if they match, you've 99.999% got the correct file.

And what's all this junk about what device the communication is coming from? You're incorrect. All p2p clients send platform information when they connect to a peer. And even if they didnt. Its not an argument. Even if you're uploading britnet from your java enabled phone, you're still to blame.

And your final nonsense about splitting liability because you only have 8 bytes of the file is nonsense. Breaking the law is breaking the law. Dont be so childish.

Anonymous said...

Yes, it is true that someone *could* label their excel spreadsheet as an MP3 and then *hack into* some poor old lady's computer and then *without her knowledge* use it to distribute said excel sheet over a file sharing program. And then "KNOWINGLY ALTER HER IP ADDRESS" or whatever else this guy says.

Or you could just use Occam's Razor and conclude that grandma had a Britney Spears mp3 on her computer.

The argument consists of a lot of pseudo-tech jargon and faulty presumptions and conclusions but not a lot in the way of technical explanation of how it could happen.

Anonymous said...

Everyone seems to forget that the people involved in this case are LAWYERS...and while they think they're smart, they couldn't bind their own adderss without, the fact is that it will be LAWYERS pressing their case based on ignorance, and their audience, most likely a judge who will rule w/o a jury and is as 'informed' as the idiot LAWYER who tries to make his case. Don't be fooled, all the technical reasons in the world why this is a bogus case may never be heard, much less understood.

Anonymous said...

Regarding Anon's post about placing 50 loaded guns in a box and heading down to the park to hand them out.

Your arguement is fundementally flawed in that there is a specific law on the books stating that its illegal to provide random people with loaded weapons. It is entirely leagal to open a store, procure the proper permits and sell firearms to anyone who can meet the requirements of the laws -governing firearms-.

The fact is that there is no law on the books regarding securing your internet access against outside intrusion in most states and most countries outside of the USA, the only repercussions you might run into are those with your ISP, there is no legal culpability in regards to what is downloaded through your ISP.

The RIAA must prove that you personally caused them damages.

It is very different if you knowingly leave your access point open with the understanding that someone could use it to download copywritten material. But at that point their suit would have to be directed towards -negligence- rather than direct copywrite violation, the monetary awards for which are tiny in comparison.

Much of the original poster's comments still hold very true, a lot of the technical angles of file sharing have yet to be properly addressed. A lot of his comments are heavilly weighted though.

The foremost points that still must be answered are as to wireless security and the culpability of small bits of data that aren't entire songs.

You can completely dismiss the content of any file, the fact is that if you knowingly distribute something as if it were something else, your legal responsibility is dual, both for distributing it for what it is, -and- for what you claim it to be,

If you go downtown and try selling baking soda as cocaine, you're guilty of drug trafficing (Yes, even though you're not selling cocaine, you can still be convicted of 'trying to sell cocaine' regardless of what's in the bag at the time) and if you go downtown with a sac of cocaine and try to sell it as 'baking soda' you're still selling cocaine...


Anonymous said...

I think that the most basic and reasonable argument against the RIAA's method/evidence is as simple as this.

1.Even with reasonable precautions (WEP, Keeping with updates, etc) it is still possible to have your machine or network compromised especially when using windows. This isn't ignorance it's joe user vs technical user.

2.Dependant of the broadband network it is possible to obtain someone elses IP address by spoofing their MAC address, this applies double for wireless hotspots.

Given these 2 FACTS it is reasonable to say that someone who has been reasonably diligent could have their IP address compromised and used for a purpose unknown to them. Given this reasonable doubt it would seem the RIAA's evidence is moot.

Anonymous said...

My letter to Mr.Beckerman and everyone else-

The ip address is not on a chip, it exists ONLY in software (see OSI model). The MAC address which is what the ISP sees, however is hardware based, however due to HAL (hardware abstraction layer) this can be changed in software.
As for how the RIAA/MPAA can tell who was using what IP address, they usually contact the ISP who owns the particular IP address. (Server logs must be kept on hand for a minimum of 3 years, however some ISPs keep better records).

Ananimity does NOT exist online. Google, Yahoo and many other search engines keep records of search terms and what IP they came from (a trick the FBI makes full use of even more regularly now than before). This in combination with the ISP keeping records of MAC/IP addresses can show exactly what modem (POTS/DSL/CABLE/SAT/GSM/etc.) the information came from. The best way to throw out the evidence is the good old fashioned lawer way, find the weakest link in the chain (Did they have permission from the ISP to use their logs?) Can they trace the MAC of the computer? Not just the Modem's MAC (if a user has a Wireless connection (router) someone could easily use that and the modem's MAC would be recorded, not the computer's MAC. Although they could say that you allowed someone to use your access point, you could still argue Mens Rea. Many people (and corparations) do not know how to set up proper security, and would (hopefully) bypass the "willful blindness".

Unfortunatly you're headed to face a company that writes memos for the FBI. {A few documents supposedly comming from the FBI and other federal agencies, have had digital signatures that lead to the original writer being in enternainment industry} May I suggest you have ALL digital evidence investigated. (MANY people might help you at little or no cost.)

Entertainment Industry- Take your "management" off MY digital rights.

Anonymous said...

1. Your IP addy may change, but its change history is logged by your ISP and is traceable. So it can be used accurately show who was using a particular IP at any given time.
2. Even though a “bit” is a VERY small amount, it still is part of the illegal download. The person helping to plan the bank robbery is just as guilty as the one holding the gun in the bank.
3. Securing you wireless signal is the smart thing to do. The Courts have found peeps guilty of stealing this signal even when it has not been secured, but it is very hard to prove someone was stealing it from you to download illegal materials.
4. Yes, file names have no legal weight, and now peeps like RIAA have to connect to you to show that the file was actually shared illegally. That’s why you should use apps like Peerguardian to reduce the possibility that this connection can be made. Or consider using a proxy server when file sharing to move your IP address to file sharing friendly country.

Anonymous said...

Please understand the following:

1) The ISP terms of service are a contractual agreement between the ISP and its customer. Presence of such agreement (and contractual breach of one) does not mean, and can not be viewed by the court as sole evidence that the defendant has acted in bad faith or even negligence. The obligation to secure your machine and sole responsibility for the actions of that machine exists exclusively between the parties in the contract. It would probably come to light if the recording industry sued ISPs and ISPs in turn sued their customers. Luckily, they can't do that.

2) To the best of my knowledge, there is not a single lawsuit initiated against file sharers [in civilized countries] that was won by the recording industry. All of them were either dismissed or settled out of court.

3) From the court point of view, any and all technical evidence that may be presented by the recording industry in such a lawsuit, is laughable at best and can not withstand virtually any scrutiny. An ISP can only certify that, at a specific point of time, the IP was associated with a customer's account that has a name on it. The ISP would not be able to certify that this customer actually used the account, or that the account was used with the customer's knowledge, or used in any particular manner at all; all they would be able to do is loosely associate the IP with a name without any substantial evidence (despite the likelihood). This might be enough evidence for someone to go over to someone's house and kick someone else's ass, but courts don't work that way.

4) Considering the past incidents in which RIAA used extortion and SLAPP tactics, sued the elderly, children and dead people, I doubt any court would take any claim from this seriously; and the defendant's lawyers should be able to ensure so. The courts only have a loose certainty coming from an ISP, and **AA's word for it.

5) Music is art. "Intellectual property" is greed. Anyone who applies greed to art deserves to have their art taken away from them, forcefully or otherwise. The reason that the music is pirated is because there isn't enough good accessible music - the art as it should be. This is enough moral justification for me to not feel guilty about sharing and downloading music without paying first. I believe that the media industry middlemen are parasites and that the downloading would eventually promote a direct connection between the artists and the consumers and eliminate these parasites. Personally, I hope to God a day comes when all the people involved in "intellectual property" bidznits - lobbyists, lawyers, managers and executives - are collectively thrown out to the streets together with their children. That's the price you've got to pay for being a greedy asshole

Anonymous said...

The comment that lawyers may not be confident in computer issues is an understatement.

I've done 7 years of phone tech support, and a common problem with lawyers (and only lawyers) that would occur is nearly beyond belief. They would commonly set their screens to max resolution, and their fonts to the smallest size, so they could show as much text on their screens as possible. And they would claim they need that all of the displayed info at all times. The main problem is that it, and the message boxes (error, dialog, whatever) all had text too small to be readable. In my opinion, unreadable information is utterly useless, change your settings you walking I D 10 T Error! Also known as PLBKAC issue. (Problem Lies Between Keyboard And Chair)

Don't get me wrong, there are intelligent lawyers out there that don't have these problems. But they don't have to call tech support because they can't read the screen either. Too bad intelligent computer (and tech) literate lawyers are about as common as whale horns.

Anonymous said...

People are so stupid. It is very true that you can do whatever you want to "try" to keep a hacker off of your router, but they can get in. It may take someone "weeks" to crack your high security, but if they are in the comfort of your their own home, it can be easily done.

Furthermore, it is possible that there may be a flaw in the hardwar or software that allows for this to happen more easily (ie: Cisico router flaw, WINDOWS XP?!, etc). If that is the case, and the computer system was compromized then wouldn't it be the fault of MS? I would LOVE to see the RIAA wankers try to sue Microsoft for promoting pirarcy. I mean, I cant use Kazza or whatever the hell is being used now if I didnt have Windows to run it on...

or an Intel processor, or a Negear router... or an ISP to connect to the internet on... or, for that matter, the content they are creating...

There is the solution... these fools should sue themselves because if they didn't create hte content for someone to pirate, then it wouldmt be pirated. THEY ARE THE ONES TO BLAME...


It will work itself out soon enough. I wont pay $20 for a CD of some shit band...

Anonymous said...

Maybe in the long run, the RIAA doesn't really care whether they win each lawsuit they initiate. The point is, everyone sued must either settle out of court, or defend themselves in court--not likely an inexpensive option for most people. So even if you win, you lose. And the music business has much deeper pockets than most of us...

ruidh said...

Under the terms and conditions of an ISP a person that leases an IP is responsible for the traffic going through it.

An agreement between a user and the ISP can only have a very limited effect on one's liability to third partires. With such a clause, the ISP can hold you responsible, but third parties can't assert those contract rights.

Liability is imposed by Federal Copyright Law. Now, somone who runs an open WAP router might potentially be held liable under a vicarious liability theory, but the burden of proof to establish direct laibility is probably beyind the plaintiffs. They certainly haven't alledged any actual violations.

Anonymous said...

Hi all, I guess Ray has stopped reading by this point. But I just want to say that most of the comments above are irrelevant.

Under existing copyright law, the plaintiff needs to allege specific acts of copying. To me, just saying that they observed her IP having a shared directory doesn't cut the mustard.

Perhaps she shared the folders but no-one downloaded any of her files. Under current law, this is not copyright infringement.

The RIAA might not like this, but the law says they must allege specific acts.

Having said that, I'm not convinced of Judge Colleen's ability to uphold the law.


Anonymous said...

To quote an anonymous user above..

" is still possible to have your machine or network compromised especially when using windows."

And there are a couple of other comments about the security of a particular OS or device.

Every OS has vulnerabilities. Don't get me wrong, I dislike Windows. But to say that one OS is less secure than others is making a sweeping generalization that holds no merit. Don't be a parrot of another man's thinking. Just because the web is full of anti-Windows sentiment, does not mean that everyone should blindly echo what they read.

A reason that people might foolishly make such statements would be that Microsoft has somewhere around a 90% market share when it comes to operating systems. This means that "everyone" is using windows. Because of this fact, more viruses, malware, spyware, bugs, and exploits might exist for Windows. This is simply because if everyone is using Windows, and one wants to compromise machines for instance, that person would benefit far more if he/she looks for vulnerabilities in Windows.

Don't make yourself seem like an idiot by not thinking for yourself. Form your own opinions.

Anonymous said...

And especially with liability, if people are responsible because they leave their networks open, then people should be responsible for using windows. Like it or not, even if it is just becasue most viruses and malware are programed for windows over other OS, there are more secure operating systems, and people should be liable for that. This argument also does not place any blame on the person that is doing the actual downloading, but just places all the blame on the ignorant provider of the means. This would be the same as someone being held liable for having their car stolen by a bank robber and used as the getaway car.
And the previous argument saying that just providing a few bits of data is the same as providing the whole thing cannot make a comparision between that and a bank robbery. Anyone involved in a bank robbery will be held accountable, but the maker of the gun, which provided the means for the robbery is not. The people that provided them with a fast car and runflat tires are not. The movie industry, which has glamourized bank robberies for every kid since they watched their first cartoons, and could arguably have given them the idea for the bank robbery, are not.
I'm not an IT expert. I do basic maintinence and repair of computers on a college campus. There are people here that can write kernal mods and find backdoors like no one's business, and also know how to keep their computers "secure". However, the majority of this "computer generation" doesn't even know what to do when they get a simple anti-virus warning, have no idea what WEP, WAP, or "unsecured wirless network" means, and assume their computer is "secure" when they put a password on their user account that you have to type in when the screen saver comes off. If the majority of this generation assumes "secure" means "has a password", how can you hold my grandma accountable for maintaining her cable connection? She just uses it to get recipies and email with her one other friend that has the internet. Her computer gets updated once a year when I go and see her. If she only goes to two sites regularly, and I typically remove dozens of spyware and malware application/viruses, how could someone possibly establish an intent to do something illegal with their connection?

Anonymous said...

If the RIAA can sue someone for contributing several bits of data of a portion of a copywrited song, and the RIAA can sue for $250,000, then I think that Sony should be sued by everyone from whom they stole information on (reasonable expecations of privacy) for 250,000 per file/times of packet activity.

Anonymous said...

Looks to me like the RIAA should be paying back some money to some folks. :-) or giving them some free tunes.

Anonymous said...

The bigger point in this whole debacle is this - the technical feasibility of proving culbability in a file-sharing case is irrelevant. The RIAA is quite aware of the weak grounds their cases are founded on, but the "evidence" (which most knowledgeable technical folk would agree is potentially quite fallible) will generally be considered enough by a judge to allow the case to be heard. The prospect of having to defend themselves against charges that would require what to most people would be boring and confusing technical explanations - potentially lengthening a trial and risking the possibility that you might never adequately explain your defense to a jury - is daunting to most people. For the average American, mounting even a weak defense could easily drain their savings and bury them in debt. The RIAA knows this, and is quite content to collect the token settlement here and there - their real victory is that the resulting press may frighten the non-technical public (which is the VAST majority) into believing that they DO have some magic way of explicitly and categorically identifying individuals as downloading or sharing illegal content. Once most people have been scared away from file-sharing for fear of being sued or worse, the RIAA has won.

Anonymous said...

Well being an IT expert i can tell you that IP's can be spoofed if you have enough skill and use a tunnel proxy the chances of finding the person doing the spoofing is next to nill.

Filenames are also not proof as some P2P are being baited by fake songs how can you get sued from downloading a file containing garbage its not copyrighted so what can you be charged with?.

And if they checked your drive to see if you had other files on it, ie mediasentry has been known to hack into peoples machines and retrieve info using os security holes.

There are a few suing that company due to there hacking, some P2P dont give out file lists ie bittorrents, but they can scan your ports to see what files your downloading now is this legal ie hacking using os security hole to gain info on people using bittorrents.

The question is privacy they are breaking privacy laws here in Canada even though they cant sue since its not illegal to share files in canada.

And im sure even in the US its not legal in some states to go poking around in other peoples computers.

Anonymous said...

Seriously though…
When do people actually get to enjoy their privacy?
People can not just walk into our homes with out being invited or reason and a written order.

Our computers are in out homes. Does this not mean anything or is it more like the trash that it placed outside on the curb? It’s yours inside but when placed at the curb it open to everyone who wants to go thru it. Personally I don’t think of my computer at putting out trash for everyone to look at when I’m online. I think of it as a tool for my personal life (email, family photo’s), work (email, financial reporting), entertainment (games) and so forth.. Again, not meant for people to pry into just because they have a suspicion… by the way another word for suspicion is doubt, thought, distrust, disbelief… all of which do not make a statement of definite-hard evidence.


Anonymous said...

c) know any basic security measures to stop your PC being "zombied"

ok, i've just put a sony cd into my drive and become infected by their root kit. Although i am fairly knowledgable and can remove viruses and spyware, often without the need of special removal tools. Someone can now instal a trojan that i CANNOT detect so how the hell is that my fault?