Friday, September 22, 2006

Preclusion Motion Filed in UMG v. Lindor; Lindor Says RIAA Cannot Introduce Songs into Lawsuit if it Has Not Produced Song Files

In UMG v. Lindor, the defendant Marie Lindor has made a motion to preclude the RIAA from introducing into the case songs as to which it has failed to produce the song files. Ms. Lindor's lawyers submitted to the Court the RIAA's interrogatory responses where the record companies had stated under oath that their case was based upon (a) Media Sentry's detection of song files being 'distributed' and (b) Media Sentry's allegedly making "perfect digital copies" of those files. Ms. Lindor's attorneys argued that the RIAA cannot prove that it made perfect digital copies of the songs if it doesn't have the song files.

Notice of Motion*
Affidavit of Morlan Ty Rogers*
Opposition Affidavit of Richard L. Gabriel*
Memorandum of Law in Opposition*
Reply Affidavit of Morlan Ty Rogers*
Reply Memorandum of Law*
Exhibit A (Plaintiffs' Response to Defendant's First Interrogatories)*
Exhibt B (Plaintiffs' Response to Defendant's Followup Interrogatories)*

* Document published online at Internet Law & Regulation

Commentary and discussion:
Comments here on the blog (some fascinating dialogue going on among our more technically knowledgeable readers going on: don't miss it)
Digital Music Weblog

Table of Cases


Keywords: digital copyright online download upload peer to peer p2p file sharing filesharing music movies indie label freeculture creative commons pop/rock artists riaa independent mp3 cd favorite songs


Unknown said...

If the Judge accepts this argument from Ms Lindor's lawyers, then I suppose this whole case would rather be redundant?

eclectica said...

The term "perfect digital copies" is rather ambiguous and undefined. CD quality wav files are 1411 kbps while mp3s tend to be 128 or 192 kbps.

Even the wav file ripped from a CD can not be called a "perfect digital copy", because the audio CD itself, unlike a data CD, is actually in raw mode and has no built in error correction.

So what "perfect digital copy" is the RIAA claiming to own the copyright of?

Alter_Fritz said...

Like in all the other papers I have read so far from this RIAA lead counsel Mr. Gabriel also in those listed here I read stuff that I would simply call Bullshit!
In Document 73 Filed 09/22/2006 he used numerous times the word individual in connection with a specific IP address. An IP address is not a person!
He claims that Media Sentry detected an individual and that with the help of a public database they were able to identify the issuer of that IP address and this issuer then identified Ms. Lindor as the formerly unknown individual Mr. Gabriel claims that MediaSentry has detected.

Whow! How did the IPadress issuer Verizon do that?
An IP address is something that is issued to an electronic device. it is not issued to an "individual"!
If the IPissuer Verizon has not installed a webcam in front of the device he issued the IP address to and got this way a picture of an individual then neither can the ISP not Mediasentry nor Mr. Gabriel claim that they know that the individual that alledgedly infringed someones rights was the individual that is named in this case! All that they can say is that the named individual payed the IPissuer for that IPaddress, but not that this specified individual has done something unlawful!
So RIAA Lead counsel Mr. Gabriel is either totally incompetent if he claims that an IP address is a specific person or he willfully tries to cheat the judge in this case (again)!
On page 5/6 further down he made some explainations regarding transfering ownership, selling or lending of copies OR phonorecords because those other users now own perfect digital copies of those sound recordings
Question:Where are the Originals then? if the Copies are perfect digital copies then it must be easy to compare them to the alledged originals.
I haven't seen so far any originals of the record companies that are the basis for this "illegal perfect digital copies".
Why haven't he produced these originals yet so that the alledged illegal copies, that are perfect copies according to him, can be in fact verified by a neutral computer forensic expert as what he claims they are?

Hell even the agends of the record companies told under oath that they are able to produce files that look like perfectly digital copies of copyrighted works, but in fact these files are not copyrighted work. So how can this Mr. Gabriel seriously claim someone has infringed copyrights without listening to and producing of these claimed perfect digital copies or the "originals" if just the same filename, the same filesize, same metadata ect. is, according to the plaintiffs agents stated in other cases, NOT a valid soundrecording the plaintiffs own any copyrights in?

Alter_Fritz said...

@ digismack

IANAL ;-) but no, downloading from other users in the p2p cloud would be no copyrightinfringement, since the copyrightowner (or an agent working for him) can not infinge his own rights.

But as I asked below if that what circles in the p2p clouds are perfect digital copies of sound recordings that made these copies equal to a sale, lending or renting of phonorecords where are then the originals for this copies in the cloud?

Alter_Fritz said...

Peter Rothman said: [...] how can they prove that it is the one they downloaded from Ms. Lindor's machine?

Peter, if i remember correctly from earlier posted documents then it is NOT Ms. Lindor's machine, and that she is/was "computer illiterate" at the timeframe at issue!
If I understand it correctly the pieces that were left in her posession (that included a HDD) were owned at the time in question by her ex husband.
So it is not her machine the RIAA claimes that they have downloaded songs from!

(Ray might correct me if I confuse here something)

Wishbook said...

I'd love to see the RIAA made to look like [bigger] assholes [than we already know they are] by catching them suing someone who made audio critiques of each song of an album; who happened to make these audio critiques the same length as the original songs; and then gave each audio critique the title of the song critiqued.

App said...

Unless you can connect to me and actually download said file and produce it is evidence of me actually sharing that file, how can you claim I actually did it and prove it?

I could appear to be sharing a file and not actually be sharing anything at all.

I give this little utility made by a friend as proof that it can be done:

There are all kinds of other ways to do this without plugins, such as the sharing from a CD trick where you let the hashlist be created by sharing a CD of mp3 files and when it's finished you remove the CD from the drive and not refresh the library of shared files. The list will still show you as sharing them but nobody can download them from you because in reality you are sharing nothing.

And in the case of multi-source downloading, you have to prove that it was actually me that you connected to and got the file from. Getting it from someone else on a multi-source doesn't make me guilty of anything. And in fact would be you guilty of deliberately suing the wrong person.

When you accuse someone of something, you have to present proof of it, otherwise it is assumed they didn't do it.

Innocent until proven guilty means you have to prove someone is guilty.

Tim said...

One more addition to buttress the 'IP Address is not a person' argument. Most large scale ISPs use DHCP (Dynamic Host Configuration Protocol) to assign an IP address to your computer when you connect. An IP address issued in this manner is "leased" for a period of time, after which you renew your DHCP lease and you may be issued a new, completely different IP address. The addresses are within a range that is assigned to the ISP, but using them like this allows your computer to not have to be assigned a fixed address, and allows the company to reassign unused addresses when the lease time is up.

What all this means to the "lay" audience is that the IP address is NOT fixed to your computer's network card. IF they keep records of DHCP assignments they COULD try to say that during the time in question the IP address was assigned to the MAC (Media Access Control) address of your network card, but they can't say definitively that an IP address is used by your computer and yours alone.

raybeckerman said...

Tim said......
the IP address is NOT fixed to your computer's network card. IF they keep records of DHCP assignments they COULD try to say that during the time in question the IP address was assigned to the MAC (Media Access Control) address of your network card, but they can't say definitively that an IP address is used by your computer and yours alone.

tim, tell us more

Alter_Fritz said...

I'm not Tim, but you might want to notice that MAC addresses can also be (for computerfreaks and hardcore criminals easily) changed/spoofed. So even if the RIAAguys will come in further cases not with IP adresses but with mac adresses they claim to have downloaded music from note that a MAC address is also like an IP address NOT something like DNA.

So a real hardcore pirate would of course change the MAC address of his device to the MAC address of the networkcard the innocent guy next door has so that the RIAA would claim they have evidence against innocent guy B and not against guilty guy A

Alter_Fritz said...


In that case thank you for correcting me.
What I stated was based on "information and believe" as a lawyer would call it.
So either I got the information my IT-teacher tought us wrong or he was paid by RIAA to scare us! ;-)
Like the RIAA did with their campus downloading DVD full of half truths and plain misrepresentations of the actual laws involved.

Thanks again for your clarification :-)

BasicTek said...

There are many things that can be pointed out as unverifiable evidence when it comes to DHCP, NAT, wireless routers, MAC addresses, and so forth. When I worked with ISP's in the past here are a few things to note.

1) DHCP leases are usually very short for ISP's meaning that if you turned your computer off for an hour you could loose your IP

2) DHCP logging was usually considered a wasteful use of resources. Other than providing information to the AA's it doesn't benefit the ISP to trace such events and smaller ISP's for sure did not do this.

3) DHCP logs (if they are being kept) and customer account information are on 2 completely independant systems and it would require some major time, money, hardware, and software to synch up this information. More than likely when the RIAA requests john doe information from the ISP's they just check who is currently using said IP and not a history.

That being said the RIAA has persisted in this case mostly due to the user account on kazaa having "lindor" in it's name(jrlindor@kazaa). Of course anyone could put that in their user name but it definitely doesn't help the defendant to use their own name when creating a kazaa user account.

When it comes to MAC addresses. Any 3rd grader could look in the network cards driver properties, or routers admin config and find the ability to change their MAC address.

I'd like to know one thing. Usually the RIAA has 2 lists, 1 a long list of possible songs contained in a shared folder, and 2 a much smaller list (usually between 10-30) of songs actually downloaded from the said shared folder. Are they saying they don't have any songs in this case? Did they lose them?

I really like "G . Plaintiffs do not know how many copies of the files on exibit B to the complaint the defendant distributed, but plaintiffs believe that copies were distributed to other users of the network"

Work on that one lol "but we believe" is their grounds for a lawsuit??? I believe the RIAA is extorting money from innocent people has a hell of a lot more weight. No proof, no witnesses, no one was seen, or caught with said copy. They just believe it happened???

raybeckerman said...

rajulkabir said...
"if you are on a LAN (192.168.x.x) and you have the router device between your networkcard/your LAN IP and the internet then every packet you send out has YOUR MAC address in it. So if the nice mediaSentry investigator wants to recieve a datapacket from you he sends his request to the public IP that your householdrouter had become from verizon and in this request packet is the MAC address encoded you send out. Because otherwise your router would not know to what Device he must send the packet that arrived from MediaSentry."

No. Your router knows where to send the response packet because it maintains an internal table of active NAT sessions.

When your desktop PC at starts a connection with, the router selects a random port number, say 35000, and uses that as the origination port for the outward connection. Later, when sends a packet back to port 35000 on your router's external interface, the router checks its NAT table and sees that the session on port 35000 is associated with and thus directs the packet on the local LAN.

MAC addresses are not involved (except for their normal ARP role which is entirely internal to the LAN).

No normal router leaks MAC addresses, nor is there any reason to. Likewise there is no way for someone on the outside to address an internal device by MAC. Get yourself a packet sniffer and watch the traffic between your DSL modem and your router sometime.

Dear rajulkabir,

The RIAA doesn't seem to have the MAC addresses. Do you feel that might be relevant to the case?
If so, how would it help us knock out the RIAA case?



raybeckerman said...

pakoistinen said...

I work as a network and security professional on daily basis. I think you had a good point with the MAC addresses and NAT, but missed the essential part there. Let's assume that you have a 4-port ADSL with wireless LAN (WLAN) capability from Verizon. Now, if you are an average customer you couldn't care less about configuring security features on the device or even understand how it works.

Now comes the essential part. When you use your personal computer from behind the NAT, the ISP is able to tell ONLY 1.) the IP address and 2.) the MAC address of the ADSL device. They will not be able to identify a.) which computer behind the ADSL is establishing network connections, or b.) how many computers are actually connected to the local LAN network.

In essence this means that an average user with WLAN could fall easily victim to his neighbour's P2P felonies, even something more dangerous than just music sharing. The nasty neighbour could, for example, connect to the a) unprotected WLAN, or b) hack the WLAN's insufficient security settings (whihc is usually the case).

Dear pakoistinen,

1. Are you saying that the RIAA needs the MAC address to identify the specific computer that was used?

2. Why do you think they don't have the MAC address?



raybeckerman said...

basictek said...

That being said the RIAA has persisted in this case mostly due to the user account on kazaa having "lindor" in it's name(jrlindor@kazaa). Of course anyone could put that in their user name but it definitely doesn't help the defendant to use their own name when creating a kazaa user account.

The only person in that household named Lindor is Marie Lindor who's never even used a computer.

When it comes to MAC addresses. Any 3rd grader could look in the network cards driver properties, or routers admin config and find the ability to change their MAC address.

No wonder I can't do it; I'm not a 3rd grader. But seriously, the MAC address can be easily changed?

I'd like to know one thing. Usually the RIAA has 2 lists, 1 a long list of possible songs contained in a shared folder, and 2 a much smaller list (usually between 10-30) of songs actually downloaded from the said shared folder. Are they saying they don't have any songs in this case? Did they lose them?

They're saying they downloaded 11 but want to be able to prove that there were 27 others.

I really like "G . Plaintiffs do not know how many copies of the files on exibit B to the complaint the defendant distributed, but plaintiffs believe that copies were distributed to other users of the network"

Work on that one lol "but we believe" is their grounds for a lawsuit??? I believe the RIAA is extorting money from innocent people has a hell of a lot more weight. No proof, no witnesses, no one was seen, or caught with said copy. They just believe it happened???

I'm not even sure they believe it.

Alter_Fritz said...

RIAA; "we want to believe"

Defendant-Lawyer; if you have no sound, then your case is unfound!


Broofa said...

Hi Ray,

Let me take a stab at answering your questions.

The RIAA doesn't seem to have the MAC addresses. Do you feel that might be relevant to the case?

Possibly, since there are ways in which an IP address may be shared by multiple individuals, with or without the consent of the owner of the network connection.

Without the MAC address, the only fact that can be stated unequivically is that Verizon assigned the IP address in question to the DSL or cable modem they issued to Marie Linder. Any statement about what computers were plugged into that modem, or which used the network connection it represents, would simply be assumptions.

There are several ways in which computer's other than Marie's might be involved.The best example I can come up with is if Marie is using a wireless gateway (to, say, let her work from a laptop in the kitchen or living room), than not only is it possible for multiple computers inside her house to use that connection, but anyone in close physical proximity to the house (i.e. neighbors) may be able to piggy-back off her connection. This is by no means an uncommon practice.

It's worth pointing out that in this case, there is no way that Verizon (or plaintiffs) would be able to know the MAC address of the offending computer since that information would only be known by the wireless gateway box in Marie's house, which may or may not record this information.

If so, how would it help us knock out the RIAA case?

By bringing the identity of the infringing party into question.

1. Are you saying that the RIAA needs the MAC address to identify the specific computer that was used?

"needs"? Well... in literal terms, yes. In a court of law, I don't know.

Without the MAC address, plaintiffs are assuming Marie's computer was plugged into the DSL/Cable modem Verizon provided. That said, this is a reasonable assumption until some explanation to the contrary is provided (See above wireless gateway explanation).

Other alternatives might be:
- House guest unplugging Marie's computer, plugging their's in
- Lindors have a network gateway installed, which was used by a house guest.
- Lindors have a wireless network installed, used by a neighbor or someone else in close physical proximity to the house.

Regardless, at the end of the day, the alleged infringment occured using the network connection that Verizon provided to their household. Somebody with access to that network connection is responsible.

2. Why do you think they don't have the MAC address?

MAC addresses are not used as part of normal internet communications. Thus, I don't believe there is any way for Media Sentry to have recorded this information at the time they observed the copyright infringing. It is safe to assume that only Verizon would have this information and, even then, there's a decent chance that they don't log MAC address information.

Moreover, the only MAC address Verizon would have access to is that of whatever device was connected directly to their DSL/Cable modem. If this device was a network gateway of some sort (designed to allow multiple computers to share a connection), than that MAC address is pretty much useless, since it does nothing to identify an actual computer.

In essence:
a) the RIAA probably have not subpoenaed Verizon for the MAC address.
b) even if they have, Verizon may not have it.
c) even if Verizon does, there's a chance it's not meaningful, depending on how the Lindors have configured their home network.

To summarize:
In my opinion, the MAC address issue is most meaningful if the Lindor's were using some sort of networking gateway to allow them to share their network connection across multiple computers. Doubly so, if it was a wireless gateway that may allow persons outside their household access to that connection.

If, hypothetically speaking, it were Lindor's ex-husband who was in fact doing the infringing, and they had their home network set up such that he and Marie used different computers, than the MAC address would be the only way of identifying which of the two computers was involved.

On the other hand, if the Lindors simply had a single computer connected directly to the modem (the most common configuration), than the computer and modem are essentially the same device for all intents and purposes.

Please feel free to contact me at robert[at]broofa(dot)com if you have further questions.

BasicTek said...

RE: how easy it is to spoof a mac address.

That was like the top result when googling "how to change a mac address"

This ability is built into most home routers as well.

A few things to know about MAC addresses.

1) By default they are burned into every network interface (whether the NIC in your computer or wireless router hooked up to your cable modem.

2) The default MAC would identify what piece of hardware is hooked up to the internet connection and transmitting packets, It would also identify the hardware manufacturer.

3) Anyone can change their MAC address if they can use google and follow simple steps

4) Only the ISP should be able to detect the MAC addresses of their users. Any network admin worth a crap would prevent ARP requests from external networks or else they would be flooded with requests and performance of their network would go to shit.

5) This information would need to be logged by the ISP from their router logs. Like DHCP there is no advantage to store such information unless they are trying to track down criminals. Which since it's already proven criminals would most likely be hiding their MAC would be an enourmous waste of time, resources, and money.

6) If ISP's did log such info that would be a 3rd massive database of information that would need to be synched up with the DHCP and customer database to be reported on. This would cost a huge amount of money to do and wouldn't generate any revenue for ISP's. Unless forced to do this by law (as in some european countries) just doesn't make sense. Again more than likely if this information is requested the ISP would look at the MAC at the time of the request rather than having a true log of this information.

BasicTek said...

They're saying they downloaded 11 but want to be able to prove that there were 27 others.

I'm sure their list A has more than 27 songs. What is the significance or trying to prove the 27 usually the 11 is enough for their purposes?

Kim said...

I've seen many out there using other's broadband connection using wireless access. Specially in metropolitan areas. I can personally access at least 2 others' ISP to connect and if I want, download anything. Checkout the internet, there are wireless sniffing devices out there that many people are in reality going out to different neighborhoods to access other's internet service. With all these going on out there, unless they can provide physical evidence (Like a picture taken at the time or someone physically standing next to the person) there is no way to prove the relationship of the IP address to a person. I can probably take my laptop to the courtroom and connect wirelessly to some one else and download something right infront of the judge....

Kim said...

OK, fine, if they claim 27, fine, take my $13.50 and go away...

They can't ask me to pay for more than $0.50 for each low quality songs (192bit or less). They are not CD quality and not original. Most places are selling a track between 0.50 to a dollar....

raybeckerman said...

1. Exhibit A to the complaint lists 9 recordings.

2. When in discovery they were asked to produce all of the song files in their possession they produced 11.

3. They now say they are trying to recover for 38 recordings.

raybeckerman said...

Their reason is to try to get $28,500 instead of $6750.

BasicTek said...

Well without proof I think they will just have to go back to 11 recordings.

If you look at this.
really like "G . Plaintiffs do not know how many copies of the files on exibit B to the complaint the defendant distributed, but plaintiffs believe that copies were distributed to other users of the network"

Work on that one lol "but we believe" is their grounds for a lawsuit??? I believe the RIAA is extorting money from innocent people has a hell of a lot more weight. No proof, no witnesses, no one was seen, or caught with said copy. They just believe it happened???

I'd really want to work this angle. They don't know how many times a particular song is downloaded, they don't know who the downloaded song is downloaded from, they merely suspect that the defendant is responsible without any evidence other than the fact that they were able to download from the defendant. How about checking kazaa to see how many instances of said recordings are actually available from other sources other than the defendant.

[start rant]Also how can the RIAA justify statuatory damages when they have no proof of loss. They make up figures of loss of sales due to P2P when the truth is no one using P2P would EVER buy ANYTHING from the RIAA SCUM. I would rather go the rest of my life without new music than ever willingly give 1 more cent to these evil SCUM. I hope they go out of business and all of them live in the streets for this criminal behavior.[end rant]

eclectica said...

IP addresses are dynamically assigned and they seem to change every few weeks. So over a period of a year a particular IP address would belong to several different people using that same ISP.

The dynamic nature of IP addresses adds another layer of doubt to the "evidence" which the RIAA presents. The RIAA could have the right IP address but the wrong time and date when checking against the logs of the ISP.

You ought to see if the time zone specified by SafeNet MediaSentry matches that of Verizon. Perhaps the time mentioned is GMT -8 but Verizon uses GMT = 0 in its logs. If there is no time zone offset mentioned that is further doubt.

Rob Carlson said...

This is the simplest distilation I can come up with of the MAC vs. IP discussion. It's still complicated because the analogies aren't that tight.

A MAC address is used as a filter when you are on the same physical wire as the other device you are talking to. If you string a wire across the room into two computers, they will use their MAC addresses to recognize what information over the wire is for them and ignore everything else.

It is akin to somsone placing a envelope with the name "Joe Unique" on a table in the middle of a room full of people. Everyone else ignores the envelope because they aren't Joe and it would be more trouble than its worth to reach over to the table for something that isn't theirs. When Joe looks over at the table, he will pick up the envelope and read what's inside because it is for him.

But the only reason Joe Unique calls himself that is because that's what his mother named him. If the next day he comes into the room and calls himself "Bob Smith", he will then introduce himself to others all day as Bob Smith and pick up the envelopes addressed to that unique name.

The minute you need to cross over into another electrical wire through a smart device like a router or another computer, that computer takes your bits and attempts to send it in the right direction substitutes its own MAC address for yours.

This is so that the router device on the other end of _it's_ wire will recognize the "face" of the electrical device it's talking to and know how to recognize it again to return information over that single step.

This is akin to handing the letter to your postman to deliver to someone down the street. The "face" that your neighbor sees is not yours, but the postman. It would make no sense for the postman to wear a mask of your face to deliver mail from you, because nobody would be able to look at his face and recognize him as the mailman.

The return address (your IP address), however, is that of your house. To reply to you, your neighbor would hand a package back to the postman (by recognizing his "face") and he would carry it back to you over his route.

Your neighbor and you would never see face to face, and your postman would never have any reason to describe you to him.

If someone asked the postman "can you describe the guy who met you at the door exactly six weeks ago and gave you a package for the guy down the street," he might remember if he kept a journal of the description of people who hand him packages at the door, but really he's so busy with other mail that he probably wouldn't remember.

He might be able to tell you that Mr. Smith has been living at a certain address for the last 3 years, or it might be a college apartment that rarely stays rented for longer than three months and the names, faces, and owners change more often than he can keep track of.

And yes, MAC addresses are trivial to change on many (not all) personal computers and routers.

--Rob Carlson

Alter_Fritz said...

something interesting over there in the blog that ray has posted a link in this post here has happened!
a commenter that claims to work for the 3rd party commented claims that he knows stuff that even the judges in those cases so far refused to answer.

stupidly that blog over there does NOT send confirmation mails to an anonoumus mail service. so i use fair use rights, qoute him partialy and post my answer here:
"investigator dre" wrote:
58. There is some misinformation out there regarding all
of this. Perhaps i can clear some of it up. First off as to saying the record companies (who by the way are the ones who are doing the suing) do not have any proof isn't really true. It isn't a "techie" at the RIAA that gets the evidence, but rather an outside party has been hired to get the evidence. [...] They do log into kazaa, morpheus, limewire etc. and browse for music that is copyright protected. Once they find a user with a song (i.e. the Avril Levine example) they view that individual users' shared folder. They then make screenshots showing the files in that folder. This is actually what the "big list" is. Next they actually download some of the songs from the user (usually 6-12) to ensure that they are in fact what the file says it is. (again in the Avril Levine example they make sure it is a full version of the song) These then become the "short list".
[...] why this is even illegal and in it's simple form it is this. Copyright protections (under Title 17 of the US code) give the copyright holder the exclusive right to distribute and/or copy the music. Having a copyrighted song in a shared folder that is open to anyone else to download is a form of distribution. [...] It's really quite simple when you think about it.
[...] The third party contacts every person who goes through the process and explains everything to them. They answer any and all questions about the process/case, they provide all documentation (screen shots, legal filing etc.) if the defendant wants them and they in general they are the ones who deal with the defendant on a day to day basis. So the comments about the defendants lawyers not knowing whats going on is not true, they know and have access to all of the information on their client's case.

How do I know all of this? I used to work for that third party. I just wanted to fill in some of the gaps of information that for what ever reason isn't getting out there.

What i wanted to comment over there but can't due to their registering policy was this:
dre wrote: "Having a copyrighted song in a shared folder that is open to anyone else to download is a form of distribution."

Interesting that you claim something that even the judges in this cases have refused to rule in summery Judgement Motions about!

It is NOT clear that having copyrighted songs in a "shared folder" is a form of copyright infringement.
So who are you that you can claim that?
RIAA troll or the boss of the justice department that you know more then even the judges in this cases?!

And you are also misstate something. These screenshots do not show copyrighted files. They show filenames! since the alphabet is not copyrighted if you make a screenshot that says "riaaartist_-_stupid_song.mp3" that is not a prove of copyrightinfringement and it is not EVIDENCE if the judges would be smart to understand that a screenshot is no evidence.
If the third party guy downloads a file with a filename that he is ordered to download and if he then can confirm its a copy of a copyrighted song then he has evidence that a copyrighted song is in this chared folder!
this third party has NO evidence how it came into that folder (legal or illegal) and the third party has NO evidence that it was distributed in a way that would be an infringement of the exclusive distribution rights!

Alter_Fritz said...

his comment in its original form here:

Alter_Fritz said...

Oh and regarding the value of a screenshot as evidence:

the "investigators" for the people have clear evidence that an individual with the username "horny_R.L.G." and the IP-Address was illegaly downloading an copyrighted soundrecording from an ONLINE MEDIA DISTRIBUTION SYSTEM.
The people investigators were able with the help of a public database to identify a) the ISP and b) with the help of the ISP the investigators were able to identify HRO as the copyrightinfringers!
The peoples "investigators" weren't yet able to ask the lawfirm who the user with the screen name "horny_R.L.G." is, but the investigators believe to know who it is and that this individual in fact has not only illegaly downloaded music, as you can see in the screenshot, but the people also believe that this individual has willfully illegaly distributed perfectly digital copies of copyrighted soundrecordings of those well-known and respected record companies

maybe Ray should have a very private coversation with the RIAA lead counsel if he has 3750$ that Mr. Richard L. Gabriel wanted to donate to the RIAA defense fund before he shows this "evidence" to the judge on the next courtday :-)

The "Evidence"-screenshot is here:

raybeckerman said...

Here's a comment that was sent to me offline:

1. Are you saying that the RIAA needs the MAC address to identify the specific computer that was used?

Yes. IP addresses are a temporary address of the modem only. Most home users have a NAT box between their network and DSL/cable modem, so the NAT box "hides" the real computers on the user's local net. This is for security, economy, and for the convenience of sharing the connection or using it via wireless networking. Wireless access points all throw NAT and routing into their feature set because they need to offer virtual connections to anyone who walks into range, and we all know how popular wireless has become.

The key thing to understand about NAT boxes is that they "lie" about the local network they're connected to in order to share the single Internet connection -- by careful, deliberate design. Some extremely smart and knowledgeable people have gone to great lengths to make these NAT boxes "pretend" to be only one computer. This illusion is mainly created to ensure compatibility with other network components which may assume "one computer, one IP address."

Another reason that NAT boxes are so careful to hide the rest of their network is that home Internet providers at one time tried to charge more for connecting multiple computers to their Internet connection. To wit, many Internet service agreements (e.g. Adelphia) still forbid using any kind of router or server with their service. That prohibition would include NAT boxes, but the NAT-box makers got so good at their masquerade that the Internet services had no cost-effective way to enforce their subscriber agreements. Internet providers have also learned to like NAT because NAT boxes provide reliable security from outside attack, so much so that many ISPs at the same time formally forbid them but also strongly recommend them for security -- even if only one computer is connected!

These same designers of NAT boxes know *everything* that's worth knowing about Internet protocols, including any back doors that may or may not exist, so their creations are not about to accidentally leak information thru some secret back door. There's just no easy way for the RIAA or anybody else to get around them, and that's not by accident.

Back to MAC addresses in particular: as you'll see from the discussion below, computers' net interfaces are usually implemented on top of the Ethernet protocol. The interesting thing about Ethernet is that each interface in the world has an address number which it uses to communicate with other Ethernet cards, and which is supposed to be totally world-unique ,and is supposed to be hard-wired into the device. The uniqueness is required by an international standard, but most devices can easily be reprogrammed to "spoof" any other since actual hard-wiring is a production nightmare. Still, it is fairly uncommon to reprogram or spoof individual computers' interfaces' MACs (routers and NAT boxes are usually the ones that play that game), so I'd personally be willing to stake a few K$ case on a MAC's uniqueness (if you can get that MAC #, see below) but certainly not a $100K case nor would I send somebody to jail just on a MAC. As evidence goes, I'd classify MACs as having similar weight to circumstantial evidence, but that's as far as it goes. Note that this assessment is for normal users & doesn't extend to technically sophisticated users, who could spoof a MAC as easily as ordering a Big Mac.

2. Why do you think they don't have the MAC address?

The Internet and home networks run completely different protocols -- oil and water. The Internet runs on IP (Internet Protocol) which uses IP 111.222.333.444 addresses, whereas home networks usually run on Ethernet-derived protocols which are MAC-based. Internet protocol handlers wouldn't know what a MAC address was if they saw one, nor what to do with it. MAC addresses are a foreign language -- nay, a foreign concept -- to the Internet, so there's just no point in putting MAC addresses out in Internet packets. That's why MAC addresses stay local to the user's local net, and without access to the local network the RIAA has no way to get MAC addresses.

Here's some background as to why the Internet is so different from Ethernet. Many people don't know about this stuff, but I was around when all of this was designed:
Internet is short for Inter-networking. There are many different networking technologies, and there used to be even more back when the Internet was originally designed in the 70s and 80s. Most of them were vendor-specific. Before the Internet, those different networks were notoriously difficult to connect because they were incompatible. That was the #1 problem the Internet was designed to overcome: bridging all of those disparate networks over large distances. To do so, the designers created a simple, neutral protocol that could bridge most protocols. Today, most local networks have standardized on Ethernet-derived protocols, but the separation between the Internet and Ethernet persists for many practical reasons, including the fact that Ethernet is designed only for relatively small networks and not the entire universe.

Note 1: You may ask, if local networks are Ethernet-based, why can local computers be addressed by local IP addresses and surf the Internet? The answer is that IP is very flexible, and is implemented on local computers by using Ethernet-protocol packets to carry IP packets around inside of them. This is analogous to riding in a car which itself is carried on a ferry boat, where the passenger is the data, the car is the IP packet, and the ferry boat is an Ethernet packet.

Note 2: Cable modems do have a MAC address since the cable system is built on yet another variant of Ethernet technology. The cable company's office knows the MAC of each modem that’s connected to their network, but that's just the modem's MAC -- nothing to do with any other MAC. At the lowest level, the modem and NAT box talk IP carried over Ethernet to each other, but the modem has no way to know the MACs that are on the other side of the NAT box (on the user's local network) because that's what NAT boxes do: they pretend to be the sole computer connected to the modem and "lie" about the rest of the network. That lie is carried out at both the IP and Ethernet levels.

Note 3: I think, but I'm not sure, that some DSL modems can relay the MAC address that they're connected to back to the ISP. If not, some modems can be programmed to talk only to one MAC address. In those cases, and if there's no NAT box (solo computer) in the data path, that would seem to indicate that the ISP could know the MAC of computer connected to that modem. Wrong! It's hard to prove that no NAT box was in place because all modern NAT boxes have a feature where they can spoof the MAC of a particular computer. Yes, a NAT box can masquerade as a particular computer on the network, and all Internet traffic from all computers on the network will appear to come from that one computer. This ability stems from what I was saying about ISPs trying to prevent users from hooking up multiple computers to a single connection. They put logic in their modems or network which would only connect to the MAC of the specific computer that the user had previously registered with the ISP. So the NAT makers added the spoofing features to get around that problem. It's crazy, but a $20 NAT box can demolish just about any argument about IP or MAC addresses. Even if you don't have one, who's to say you didn't have one at some time?

BasicTek said...

Hi Ray,

While some of the phrasing of your previous comment seems a bit odd to a network engineer. The content is spot on. The question is what would a judge make of it??? A non-technical person would not be able to follow what you were stating. An IP address can lead someone to the physical address of the person who paid for the IP address (i.e. the internet connection). But only a valid MAC address (which can never be verified since spoofing is so easy) can prove which device was connected to the internet connection. There you have it. Although I'm sure the RIAA thinks the IP is enough hopefully a knowledgeable judge will see it is not.

eclectica said...

The RIAA lawyers may argue that whoever paid for the IP address is responsible for the alleged copyright infringement. But that person is not necessarily the end point and could be providing internet access to any number of people. If a person provides internet service to a number of person, that person is like an ISP and is just a neutral conduit who is not responsible for the traffic.

I would take it a step further and say that having mp3s on the hard drive in itself is not copyright infringement, and the hard drive itself is a neutral conduit like the ISP. Digital files by themselves are useless and there can not be a claim of copyright on hexadecimal characters. The copyright infringement would only occur when those files are played onto speakers, and the songs could be recognized as being what they are.

raybeckerman said...

Another comment I received offline:

I've just got around to reading the comments on the issues of
identifying an individual PC on the Recording Industry vs. The People
blog. As a professional in the network security arena I thought you
might be interested in a very basic explanation of what goes on when a
PC connects to the internet. I've tried to keep it as simple as
possible - Networking 101 if you like. Feel free to ask questions. If
I'm teaching my grandmother to suck eggs then I apologize in advance!

How do computers talk to each other?

Communication between computers on the internet relies on a group of
devices known as routers. These are effectively the switch boards of
the internet. Every router knows about every device connected to it and
knows which physical connection to use to ensure messages reach the
right destination. Routers can have anything from 1 to 48 connections
or ports that networks cables are plugged into, each of which will
connect to another device on the network. Routers used for home
networks typically have either one or four physical ports and may
additionally support any number of wireless connections. For the
purposes of this discussion Cable Modems and ADSL modems can be regarded
as routers. They do exactly the same job.

The connection from a PC to the internet goes like this.

PC <-> Router <-> "The Internet" <-> Destination web server or another

In order for this to happen every device in this chain has to be both
identifiable to, and be able to identify, the others in the chain.

To do this a system of "unique" numbers is used. These are commonly
referred to as IP - Standing for Internet Protocol - addresses. I'll
explain why I put the word unique in quotes in a minute. There are
currently a maximum of 4,294,967,296 possible IP addresses available in
the entire world. This limit is imposed by the nature of the
mathematical calculations used to generate the IP address system. In
technical terms it is a 32 bit number and this cannot be changed without
implementing a whole new way for computers to talk to each other.

So, if every device has an IP address then all it needs to do is include
that address in every piece of information it sends over the network
and any other device it talks to will be able to send responses back
because, in theory at least, no two devices will have the same address
at the same time.

Network address translation ( NAT )

Now, getting back to the "unique" numbers I mentioned earlier. Because
there is a finite number of IP addresses available, and because of the
implications of trying to allocate and manage that number of numbers
effectively, a technique known as Network Address Translation was
developed. In essence what this does is allow a number of devices to
connect to the internet using only one IP address. This is how it

There are three ranges of IP addresses that are classed as Private
Networks (,, ) This means
that devices using those addresses should only ever be on networks that
are not visible to the rest of the internet, they are private.

By doing this large numbers of devices can have unique addresses within
their own networks but that are duplicated many thousands of times on
other private networks. Because these networks never communicate with
each other, or anyone else, this duplication is never an issue. It can
be thought of as the internal telephone system in a large company. All
the extension numbers within the company are unique but another company
across the street can use exactly the same extension numbers without
any problems, since the two systems are not connected.

Now, if you want to connect one of these private networks to the
internet you need a way to make sure they have a valid public IP
address to do it with. This is where Network Address Translation comes
in. The devices that sit between an internal network and the internet
are called routers. Whether they are large ones costing thousands of
dollars on a corporate network or the kind you find at home in your
broadband modem or in a cable modem they all do the same thing; they
allow a computer with a private IP address to connect to the internet
using a public address. They are the switch boards that let you make
external calls on the company internal phones.

Referring back to the diagram at the top, the PC talks to the router
using its private IP address. The router then translates the private IP
address of the source into the public IP address that it uses to
communicate with the internet. It keeps a record of the destination and
other information as it does so.

When the destination device sends a message back it sends it to the
public IP address of the router. The router compares the source of the
reply with the information it stored when it sent the original message
and uses this to identify the correct destination and translates the
public destination IP address back into the correct private address, and
passes the information on to the PC on the private network that has that

This is very straight forward with just one PC on the private network.
However, it is perfectly possible to have multiple PC's on the private
network talking to multiple destinations, all at the same time and all
using the same router. This is where it starts to get interesting from
the legal point of view! How does the router keep track of where it
should send the replies for a particular address and, more importantly,
how can anyone looking in from the outside tell which PC is doing what?

The answer to this is provided by another piece of technology called a
Media Access Control address, or MAC address. The fundamentals of how
this works are buried in the guts of the network protocols that underpin
all networked systems.

Fundamentally a MAC address is a "unique" , there are those quotes
again, identifying number associated with the network interface of the
device involved. It consists of a string of numbers and letter
separated by ':' e.g.. 00:0E:7B:24:E7:9C Every MAC Address is assigned
to a specific Network interface by the manufacturer at the time it is
manufactured. There are very strict controls in place over which
companies use which ranges of numbers for the devices they make that
ensure they are all unique at the time they are assigned.

When a PC first starts up it may have no IP address assigned to it, or
it may have one preset. If it does not have one it starts sending
messages over the network known as Address Resolution Protocol ( ARP )
requests. These are contained in what are known as broadcast messages.
They are sent in such a way that every other device on the network will
see them but only those capable of responding will be able to process
them. These messages contain the MAC address of the device concerned
and a message requesting that it be assigned an IP address. These are
only responded to by devices capable of assigning IP addresses to other
devices. Typically this would be a dedicated server in a corporate
network, or an individual router in the case of small home networks.
Since the home user is what we are interested in lets look at how that

The router receives the ARP request containing the MAC address of the
device making the request. It picks an IP address from a pre-assigned
range and sends a message back to the requesting device that tells it
can use this address. It then makes a record of this in an internal
table that lists all the MAC addresses it has seen and all the IP
addresses associated with them.

So the router now has a record of every device on the network, it's IP
address and it's MAC address. This is known as the ARP Table.

If the Computer already has an IP address pre-assigned then the
allocation process does not take place. Instead, when the router
receives a message from an IP address it doesn't already know about that
is within it's pre-assigned range, it issues an ARP request to every
device on the network asking for the owner of the unknown address to
respond with it's MAC address. This information is then added to the
ARP table.

Now, when the router receives a message destined to a particular IP
address it looks up that address on it's ARP table. This tells it the
MAC address of the device concerned and in turn this tells it which
physical connection, or port, the message should be routed down in
order to reach it's destination.

When the router receives a message for an IP address that is not within
the range of addresses it controls, i.e. not on the local private
network, then it sends it on to the next router it knows about and the
process is repeated. The next router is normally one controlled by the
Internet Service Provider providing the broadband connection to the
owners address and is reached using that broadband connection.

So, the situation we have it that any PC connected to the internet via a
router can talk to any other PC on the internet or it's local network
without messages going astray or being delivered to the wrong address.
Added to that we can have many computers with the same IP address using
the internet in different locations without confusion thanks to the NAT
system. Finally, by using the MAC addresses we can identify any
individual computer on a network given access to the ARP table of the
router it is connected to.

Now the relevant bit to the cases being brought is the identification of
a specific computer that is behind a router that is using NAT by using
it's MAC address. This is only possible under two circumstances.

1. You have legitimate access to the router from the private network
that enables you to examine the ARP table. This is normally only
possible if you are the owner of the router and requires a user name and

2. You have compromised the security of the router from outside the
private network in order to gain access to it. In the UK at least his
is illegal without the consent of the owner of the router.

MAC addresses are not included in normal internet messages. There is no
way to determine the MAC address of an individual device without being
directly connected to the same router as that device or having physical
access to the device itself.

Private IP addresses are not included in normal internet messages.
There is no way to determine the private IP address of a computer
without being directly connected to the same router as that device or
having physical access to the computer itself.


There are a number of issues that complicate what should be a relatively
simply situation.

1. Mac addresses can be changed.

Although they start out as a unique number it is perfectly possible for
the owner of a computer to change the MAC address of it's network
device. Without a record of the original MAC address assigned to it, it
is impossible to tell if it has been changed under normal

2. Wireless devices are not physically connected to the router.

Any wireless device is potentially capable of connection to any other
wireless device unless specific precautions have been taken to prevent
this. These precautions are not intuitive and are not enforced by
default on the vast majority of wireless routers on the market today.
Unless access to a wireless router is secured than anyone with a
wireless enabled device can connect to it and use it without the owners
knowledge or permission.

3. The contents of the routers ARP table are not permanent. If the
router is switched off or rest then the information is lost.

4. Private IP addresses are not permanent. They may change each time
the computer involved is restarted or when the router providing them is

So, in order to prove that an specific computer was used to carry out a
specific act you would need.

1. The IP address used by the router to connect to the internet. This
is the one that is normally produced by the RIAA as evidence that a
computer was used to perform a particular offence.

2. The Private IP address that was used on the private network behind
the router plus details of the date and time that the address was used
by a particular PC.

2. Access to the ARP Table of the router concerned and proof that it has
not changed since the alleged activity took place.

3. The Mac address of the network device in the computer.

4. Proof that the MAC address had or had not been changed.

5. Proof that the computer in question was not connected wirelessly and
remotely from the physical location of the router.

raybeckerman said...

trai_dep said......

The business model that the RIAA seems to be using is to sue for an amount that is as high as they can, yet low enough that it doesn't make economic sense for the defendent to fight in court.

So, how about draining the swampwater? Any way to make it absurdly inexpensive to defend to the point that the RIAA can't make enough money to pay for their overhead?

Any legal people out here? Any combination of form letters, paralegals, law students printable how-to guides or network of legal defenders that can set up a system that reduces the cost of defending against these suits to, say, $100? $50?

I think once the RIAA doesn't profit from the suits, they'll stop filing them. Wouldn't it be great to smack down their legal bullying by beating them at their own game?

Dear trai_dep:

You're on the right track.

Build it, and they will come.

The RIAA loses money on every case that doesn't settle.

If defending could be made affordable, it would wipe out this nonsense once and for all.


CodeWarrior said...

Wow...this thread generated far more comments than usual. I liked the observations of Alter_Fritz regarding that an IP address is NOT an individual. Very astute. It is not a natural NOR a legal person, but instead, just a designation of an address on the internet, though, it is usually tied to an account with an ISP.

But, let's say that more and more people start maintaining a wireless network with low levels of security. It would theoretically be possible for a "war driver" to hack into a network and download tunes through the IP address of the homeowner, and it would be difficult to rule out this possibility. The "hackers did it" defense could be possible.

These are also not really "copies" in the sense of all the data in the original tune being there.
As I have noted before, MP3s are really "samples" of the data, and thus are limited amounts of copying that possibly be examples of fair use more than they would be infringements, though, I'm not sure how easy that would be to aruge in front of these judges who have hardly enough technical expertise to know that a JPEG digital file of the Mona Lisa is not THE Mona Lisa. I think, to paraphrase the late Bruce Lee, they confuse the finger pointing at the moon with the moon itself.

CodeWarrior said...

Ultimately, I blame the ISPs for keeping those damn activity logs too long.

raybeckerman said...

I'm fascinated with trai_dep's thinking. Where do we go with it?

App said...

You guys are getting sidetracked with something irrelevant...MAC vs IP address.

It doesn't matter who the identity of the actual person or computer that did the sharing is.

It matters who's name is on the bill...the party that agreed to be responsible for any and all activity associated with their account.

If Mary Lindor failed to secure her network and a neighbor was sharing the files, Mary Lindor is responsible for that because it was her account.

If a house guest unplugged the pc and plugged in their own, Mary Lindor is responsible for that because it was her account.

If you don't want people doing stuff on your account that you can get blamed for, then secure it.

When you signed up for your internet access you agreed that you would be responsible for any and all activity on your account, no matter who it was that was using it, and whether it was authorized by you or not.

Mary Lindor agreed to this when she made her account too. It doesn't matter if it was a neighbor, a house guest, her children, the family pet, or a fan falling off a shelf and accidentally hitting the right buttons on her keyboard and causing the sharing of files.

But they still have to prove there was sharing going on.

And this 'perfect digital copies' thing...

They are not claiming that she was sharing 'perfect digital copies' of any CD. They claimed they made a perfect digital copy of what she was sharing.

So if she was sharing a crap quality file of herself singing in the shower, then they have a 'perfect digital copy' of it's same crap quality.

They have to prove the files are what they say they are. And they have to prove that they were being shared. And they have to prove that the sharing was being done by some party with access to her account. And they have to prove that they were able to download a complete copy from her and only her. Multi-source downloading doesn't count if the transfer from her never started

It's possible her ports weren't forwarded and she really couldn't upload any files if her life depended on it. And like I said before, she also could have been deliberately blocking herself from sharing by other means.