Thursday, December 07, 2006

Rae J Schwartz Submits AOL Letter to Court; Letter Contains No Reference to Downloading or Distributing of Copyrighted Songs As RIAA Had Claimed

After obtaining a copy from the RIAA's lawyers of the letter the RIAA had received from America Online, and ascertaining that it contained no reference to "downloading" or "distributing" of "copyrighted songs, contrary to the statement made by the RIAA to the judge, lawyers for Rae J. Schwartz in Elektra v. Schwartz have asked Judge Trager to recall his previous ruling which stated that AOL had confirmed downloading and distributing of copyrighted songs:

December 7, 2006, Letter of Ray Beckerman to Judge Trager*
December 4, 2006, Order*
November 1, 2006, Letter of Richard J. Guida*
February 28, 2006, letter of America Online*

* Document published online at Internet Law & Regulation

Commentary & discussion:

(English language)

Digital Music Weblog
Digital Music Weblog (Video "Congratulations to the RIAA Legal Team")

(Other languages)


Keywords: digital copyright online download upload peer to peer p2p file sharing filesharing music movies indie label freeculture creative commons pop/rock artists riaa independent mp3 cd favorite songs


BasicTek said...

Also note that AOL states "to the best of our knowledge"

Do they know 100% that the IP was actually registered to the defendant at the time? Or do they send the networking department a list of IP's in which they look up who is currently registered to them. No one is asking this question. I bring it up once again because the system that logs IP's is in no way connected to the system that contains customer information. They were not designed to be connected and it would cost millions or more to conect them and retain that info which has no dollar value to an ISP. Unless required by law to do this (such as some European countries) I don't think it's happening.

Even if they got the IP right does "AOL's knowledge" know who was using the IP? No

Do they know the MAC address of the computer or router sending and receiving the packets??? No

Looks like just another case of an RIAA smokescreen by twisting their words...

CodeWarrior said...

If the RIAA had made certain representations to the Court, that this alleged letter from AOL confirmed commission of copyright infringement, and it did not, and the RIAA knew OR SHOULD HAVE KNOWN that this was a false statement, was this a fraudulent misrepresentation made to the Court by the attorneys for the RIAA, and if so, aren't sanctions against the attorneys in order?

Alter_Fritz said...

BasicTek wrote: "Do they know 100% that the IP was actually registered to the defendant at the time? Or do they send the networking department a list of IP's in which they look up who is currently registered to them. No one is asking this question.

Maybe it is time that a defendant will ask exactly that question to the ISP in the course of fact discovery.
The database AOL is maintaining must be VEERY big if they can say for all of their millions(?) of customers what IP address an individual customer had at any given second for over a timeperiod of over 18 million (!) seconds in the past before the answer was given to the RIAA-laywers end of february 2006.

What is also interesting in this letter I think, is the Fact that it contains IP adresses from totally different timeframes; the earliest from july 11,a few in august, september and so on until november 26,2005.

If the plaintiffs wait over 7 month (18 mill. seconds) until they got "enough numbers" that a new wave of money making litigation makes sense for them is this not a proof that they missuse their copyrights if they wait so long after they learned that someone has alledgedly infringed their rights?
it also raises the question if the database the RIAA-"Investigators" are maintaining does not get corrupted over that long time!
One single digit changes can happen very easy.

Can the RIAA assure that their database is genuine and that it was and not "205" for example at that exactly second?

The RIAA is keeping everything that has to do with the finding and recording of those 12 digit numbers secret, and have not yet proved to any court (that is not totally internettechnology illiterate and does not know what this is all about) that their techniques are without a considerable margin of error in recording and storing and processing of this 12 digit numbers.

Anonymous said...

No, it would not be a massive database. You log when someone dials in and requests an ip. That's one ip per session, wether it's 5 minutes or 2 hours or 3 days.

Alter_Fritz said...

i was aware that is only 1 set of data per customer, per session. (actually it must be 2 to be reliable; start and end of lease)
Simplyfied example with assumed 1 Mill members login in each day for lets say 3 onlinesessions with 2 recordings in the database for start and stop of lease for 7 month a 30 days
1000000 x 3 x 2 x 7 x 30 = fu.....(nny) huge database I say

Alter_Fritz said...

more funny numbers with respect to european 2 year dataretention ideas:

Anonymous said...

I wouldn't get too excited about this. In fact, stop exaggerating:

> 1000000 x 3 x 2 x 7 x 30

= 1260 M records.

At 128 bytes/record:= 161G/month

Not too bad, fits on one small disk these days.

When you consider that this data is the ISP's *billing* data - ie. without this, how do they get their money? - you can't really be surprised if, yes, they really do keep this data.

Compare and contrast:- how much data do you think a telco retains over a billing period (say a quarter)? Lots. Given that they can also print off your call records months, and even years later, how much data is that? Heaps.

Of course they keep associations between IP addresses and accounts. It's *%&^*%* easy, doesn't cost much , and is essential for the survival of their business.

Should it be up to the RIAA to prove who paid for the access? Absolutely.

OTOH - can they tell who was using the machine? No.

Can they assure the court that there is no possibility that the account wasn't being hijacked by someone else on the same subnet (quite plausible)? No way.

raybeckerman said...

These are not permanent IP addresses, but dynamic IP addresses that were assigned & reassigned. Sometimes it was accessed to the account for less than a minute. This data is full of errors.

Alter_Fritz said...

could be, we have different views on that issue because in my country (germany) keeping this information is against german dataprotection laws because IP adresses are not necessary in case you have a flatrate (google for Holger Voss vs T-Online)

"Should it be up to the RIAA to prove who paid for the access? Absolutely."
Irrelevant! What the RIAA should prove is who did any alledged copyrightinfringement. Not who pays a bill.

Alter_Fritz said...

you can't say that so directly!
problem here is what the (native english language?) lawyer really wrote in this sentence to the court and what judge trager thought this sentence did mean.
Or as "NewYorkCountryLawyer"(alledgedly Ray) wrote somewhere else; "Well now we're going to get their explanation: we didn't mean AOL confirmed she was the owner of an account used for copyright infringement; we meant we think an account was used for copyright infringement, and AOL confirmed she's the owner of that account."

Anonymous said...

So you have an IP attached to an account at one point in time during a 7month period. so who was it attached to during the other points in time. there are alot of technologies that use p2p. world of warcraft for example uses a bittorent like system to distribute its software updates.

Was there a classification of which protocol or port was being used?

not only that what about durration of use of said port or protocol?

Anonymous said...

Well if you look up an ip address it can tell you state and near city of its origins. IP ranges are bought out by isps then when using dialup are assigned during your login. If you are using a broadband system you can have the same IP for a month or even longer, dialup ips are changed each time you login.

Now with this in mind you call a center that has switches that connect your incomming call to their network. Each call hub stores your login name along with your assigned ip at the time.

Now lets just for fun say an average person using dialup connects 3 times per day to check their email, browse the web, what ever. An ip is 15 bytes of data store under your account name. 15 x 3 is 45 bytes of information. So in 1 kilobyte(Kb) we can store just under 23 users a day. In a single megabyte(Mb) we can store 23244 users information per day which is a pretty drastic number.. Most call hubs you connect to and get on the internet cant support that number of people and would probley be stored in a database probley on a remote server system with a few terabytes(Tb) of space. Even if there server was only 1 gigabyte (Gb) it still could hold just over 23 million users (23802675.2) of information logging their ip and taking that your home computer probley has more than 80x more space then a single GB your home computer could probley store all the connection information of AOL in a single year. A single terabyte which isnt exspsensive to do by todays standerds and could even fit in your home computer could hold just over 24 billion user (24373939404.8) logins per day or probley a half if not all of the login information AOL has in a single year on dialup now. If we devide that number by how many days are in a year 24373939404.8 / 365 = 66777916.177, 66 million users can be logged every day for an entire year on a TB of space so its cheap and effective to log all there traffic.

Its not that much space or time to log such information and with AOLs problem with account phishing for years they more then likely do log there ips and phone numbers.

And if you really want to get picky about it.. you can take the logs the phone company keeps and the call time which would be just as big of a list along with an IP lease refrense time which IS logged by all isps.

Larry Rosenstein said...

In binary an IP address is only 4 bytes. Same for a timestamp, so that's 12 bytes per user session. This is only about 20KB per user/year, which is about the size of 1 email. (The fact that AOL has millions of users isn't as relevant as the amount of space required per user.)

The AOL letter confirms my hunch about this issue; namely that the plaintiff hoped to put one over on the judge by combining the information from AOL that the defendant used an IP at a certain time, with their unproven belief that the IP was used for illegal downloads.

(Even ignoring all the legitimate questions about whether AOL's information is accurate or that AOL doesn't really know what computer was signing in at the time.)

BasicTek said...

"When you consider that this data is the ISP's *billing* data - ie. without this, how do they get their money? - you can't really be surprised if, yes, they really do keep this data"

IP's if logged would be done so on various DHCP servers (we refer to these as networking equipment) half the networking done for AOL isn't even owned by AOL!!!

Billing information is kept in a customer support database like peoplesoft.

To report off this the data would have to be mined from the various hundreds of networks and DHCP servers into an indexed database, reporting software would need to be purchased, installed, configured, designed, etc.

The reporting software alone cost millions, then the database software, the SAN/NAS and other server/network hardware, IT people to maintain it, Design engineers to write the reports.

"120 gig hd" Grow a brain before responding on things which you have no information about.

Billing also has NOTHING to do with IP address. Oh wait you must be talking about AOL's policy to bill people every time their IP changes. Moron...

How do I know all this??? Because AOL is one of my customers.

PS: Die jdenv you spammer and sorry for the digression

Alter_Fritz said...

dreddsnik wrote:
"[Richard J. Guida, Robinson & Cole LLP. Counsel for Plaintiff] lied, or, to put it
better .. was DELIBERATELY misleading .. Deceptive.

Dishonest, with the intention of
deceiving the judge.

See, using this way to "put it better" is something more likely to work in the light of FRCP11*
RIAA-Richard2 could point out that he is just too stupid (see his other factual error -conference thingy- in the last paragraph of his nov. 1st letter).

So using this "better" words might be more in favour of a judge that needs to decide if he is now finaly pissed off enough be the actions of the RIAA plaintiffs so that he will not only revise his order about the likelyness of the granting of defendant's request, but also that he will punish those evil RIAA guys!

The RIAA is harming the law and the perception of "how law works" very much with what they are doing and to sensibilitise the judges for that fact, it is not heplfull to use ordinary normal people words, but to use words that they use in there all day environment.

(of course, we [I assume here you are no lawyer too!] the ordinary layman call RIAA guys like Krichbaum, Gabriel, Guida ect. what (we think) they are; liars crooks, scum, [*selfcensored because of the place where we are*])


raybeckerman said...

Just for the record, the Schwartz case is being run by Timothy Reynolds of Holme Roberts & Owen, not by Mr. Guida. Mr. Guida is a young fellow who works for a fairly large Connecticut-based firm that is acting as "local counsel". I believe he is under orders to do whatever Mr. Reynolds tells him to do. I guarantee that the words came from Mr. Reynolds, not Mr. Guida.

While I am of the school that every member of the bar does have to take responsibility for his actions, Mr. Guida's blame is not nearly as great as Mr. Reynolds's. He is a young kid just starting out, so I pity him more than blame him.

So for the sake of posterity I just want to note that the lawyer doing this is Timothy Reynolds.

While Mr. Gabriel is equally culpable with Reynolds, since he knows of and approves of Reynolds's actions, I can assure you that Reynolds is cut from the same cloth as Richard Gabriel.

Anonymous said...

might just point out... AOl ips seem to change at random WHILE YOU ARE STILL CONNECTED.

i'm a web developer, as a security feature of my site i added an ip check within the session handling; upshot of this is if your ip changes while logged into the site it logs you out. Meny aol users have complained to me about the site logging them out for no reason (they get the changed ip message) this happens usually within ten mins of them logging in.

So yeah, data is unlikly to be accurate.

myUsageNZ said...

BasicTek writes:
>To report off this the data would have to be mined
>from the various hundreds of networks and DHCP
>servers into an indexed database, reporting
>software would need to be purchased, installed,
>configured, designed, etc.
>The reporting software alone cost millions, then the
>database software, the SAN/NAS and other server
>network hardware, IT people to maintain it, Design
>engineers to write the reports.

Hmm. Assuming these hundreds of DHCP servers (which doesn't seem like an overly high number) are all contactable by IP and are all running on some unix-like platform that has ubiquitous tools like perl and ssh available -- not unreasonable assumptions for an ISP -- the fundamental collection and central databasing of the DHCP lease logs would be a trivial task that would require sub-genius programming, networking and database skills, and not a lot of time.

It could all be done with free software, not $millions. As for hardware, the central processing and data storage requirements would also be negligble in the grand scheme of things, and should be taken care of for < $100k.

As for reporting, a couple of decent SQL wizards put together with some application guys and you should be all set.

Aren't ISPs supposed to be the sorts of places that have a sufficient concentration of real geeks who are good at hacking up clever solutions so they don't end up shelling out $millions for their basic business reporting requirements?

Of course, this is AOL we're talking about here ;-)

myUsageNZ said...

anonymous said:
>might just point out... AOl ips seem to change at
>i'm a web developer, as a security feature of my site
>i added an ip check within the session handling;
>upshot of this is if your ip changes while logged
>into the site it logs you out. Meny aol users have
>complained to me about the site logging them out
>for no reason (they get the changed ip message)
>this happens usually within ten mins of them
>logging in.

It seems rather unlikely (if we're talking about dial-up) that the user's own endpoint IP address is changing during their session.

A far more likey explanation, IMHO, is that the ISP is employing a network of transparent http proxy servers, and some of the reqests to your web app are ending up coming to you via one proxy, and later requests via another proxy. Your web app sees a change in IP and thinks something fishy is going on.

Altervatively, the user is on a broadband connection, and didn't notice a reconnect (and the fact that this got them a new dynamic IP) while they were reading one of the pages of your app. Since reading a web-page is a stateless thing (in that you download the page from the site, and the site has no idea how long you spend reading it), it is quite possible for a user's broadband modem/router to get a new dynamic IP halfway through a single "session" to your web app without them noticing. Again, your web app notices, and sees something suspicious.

Which just goes to demonstrate the perhaps fragile nature of IP-based session checks these days :-)