Thursday, December 20, 2007

RIAA tries to submit new "supplemental" report by Doug Jacobson, makes accusations against Ms. Lindor's son

In UMG v. Lindor, the RIAA has sought to produce a "supplemental" expert's report from Dr. Doug Jacobson, which contains new material not referred to my Dr. Jacobson in his prior reports (see exhibits 15 & 16, his prior declaration, or his deposition testimony), in support of their request for a telephone conference.

Attorneys for Ms. Lindor's son, who is targeted by the RIAA's letter, and for defendant, both opposed the application, and defendant moved to strike the report for failure to comply with the Federal Rules, and to mandate in-person, as opposed to telephone, conferences for plaintiffs' Denver, Colorado, attorneys.

December 19, 2007, Letter of Richard L. Gabriel (supplemental expert report)*
Proposed Supplemental Expert Report*
December 19, 2007, Letter of Richard A. Altman in opposition*
December 20, 2007, Letter of Ray Beckerman in opposition*

* Document published online at Internet Law & Regulation

Commentary & discussion:

Keywords: digital copyright online law legal download upload peer to peer p2p file sharing filesharing music movies indie independent label freeculture creative commons pop/rock artists riaa independent mp3 cd favorite songs

To contribute to Marie Lindor's legal defense, see below.

The above donation button links to a PayPal account established by Marie Lindor's family for people who may wish to make financial contributions to Ms. Lindor's legal defense in UMG v. Lindor. Contributions are not tax deductible.


Anonymous said...

I may be wrong here, but even if he was running KaZa from a external drive, the application would still show up in the registry settings of the main drive of the computer. (Otherwise, the outside world would be unable to get share access to the necessary directories.)

Anonymous said...

my obervations ...

0. WTF is an administer ... this is an computer expert?

1. has anyone ever connected a *external* harddrive that was not under his 'possesion, custody or control' -- right this sooo impossible ...

2. note that the path that woddy accessed actually apears to be owned by the user Yanick -- accordingly Yanick seems to be the one who downloaded files here

3. a typo in either email or directory name (yayahq vs. yayagq)

4. i find #26 *very* disturbing and totally out of context (in other words I wonder if this really belonged to the scope of the permitted discovery ...)



Anonymous said...

IANAL - but based upon the strategy in the Thomas case, it's probably likely that the RIAA will ask the court for permission to allow a jury to find an inference that because the data was copied from another drive, that there was maliciousness or bad faith involved. That inference needs to be attacked head on.

Also - the "expert report" does not contain certain fundamental information such as the operating system (Windows XP, 2000, 98, etc), what revision (whether any service packs or other major updates were installed), and whether any access controls existed on the files.

By default, Windows XP attempts to isolate user files, so user A of a computer cannot access user B's files that are stored in the "Documents and Settings" folder. This is true even if the users are "Administrators." Generally, when new users are created on an XP system, they are by default given "administrator" rights.

So when Dr. Jacobson states that Woody was an "administrator," he is trying to imply that the user had full rights to access every file on the system, but that is not necessarily true. This can be verified by taking a newly set up XP system, creating one user, then creating another user and attempting to access her files in the "Documents and Settings" files - you'll get an "access denied" message even though the users are both administrators. While it's likely that an administrator could access files on an external hard drive because those aren't locked by an ACL, just because someone on the computer accessed jeanlindor@yahoo and had the person's resume, doesn't mean that same account accessed the downloaded files.

Anonymous said...

I, for one, wouldn't trust the ever-RIAA-friendly, Magistrate Judge Levy to be any stickler for the rules when it comes to these cases.

As for the Plaintiff's contention, they contend that they have only discovered this now? What's with this Doug Jacobson? Is he learning about computer forensics on-the-job? This is stuff he just happened to miss before, but he has found it now? And will there be something else tomorrow? Why was he even going back and doing more investigation after he'd already issued his supposed final report? And what information specifically tells him that this external drive was connected?

And very importantly, can he identify it as a specific Western Digital drive, or only that it was a WD drive with an apparent capacity of 100GB?

Suppose such a drive was connected, but it wasn't Woody's drive? Can Woody be held responsible for that? (I.e. a friend came over, they played some music on the friend's hard drive, after which said friend disconnected the drive and left with it?)

Also, can this alleged Dr. Jacobson tell you EVERY IP address this computer ever had? Or only the last, seemingly non-NATted, address? Without an entire history of every IP address ever used, who knows what it was connected to when?

Interestingly, he admits on item 18) that he was looking at saved e-mails. Is he allowed to look at saved e-mails? Are e-mails evidence of file sharing? Is this man a voyeur of other people personal information on hard drives that he gets his hands on?

Also item 26) that he is reading personal documents (resume) on the computer for content? Was his investigation allowed to read personal documents by non-defendants on the drives he investigated?

If there was ever an argument for hard drive inspections to only be performed by neutral parties, who are only allowed to look for specified items agreed to in advance as relevant to the case at hand, THIS IS IT! I would destroy my hard drive, which doesn't even have music files on it, before letting this questionable old man get anywhere near it!

One thing here is VERY UNLIKELY. That thing is that KaZaA was installed and run from this, or any, external drive – that being the reason that no traces of the program were found on the drive(s) submitted. While not impossible, it is difficult and painful to install and run Windows-based programs from removable drives. It is a great amount of trouble, and still tends to leave Registry traces, system restore traces, and other traces on the system drive itself when it is done. I notice that the contention is that music files were on this alleged external drive, but not the KaZaA program itself. This seems more an attempt to impeach the non-party Woody, than that this drive is where the files haring was run from.

There is NO discussion at all in the supposed Dr. Jacobson's document about what evidence he uses to actually support his conclusions. Only the statement that he will testify to these issues at trial as the make-believe expert. Since I'm certain that the Defense has their own image of the drive in question, his lack of explaining how he came to any of these conclusions makes it difficult – likely intentionally so – for the Defense to be able to locate experts to refute them based on the actual drive's contents. Dr. Jacobson's declaration is more of, "Believe me, because I'm the expert here." That's a load of rubbish, and if these additional items can't be kept out entirely, he really needs to back them up fully now, not at some future trial date when there's no time to refute what he has spent many months now claiming to have put together.

Is it too late to challenge that MediaSentry was never licensed to investigate in the state of New York, and therefore everything that follows from their information is Fruit from the Poisoned Tree?

I like the idea that these things should be done in person, and in the state where the trial is to take place.


Unknown said...

I couldn't get past the def'n of 'unallocated space'. I've always seen it used in the context of disk partitioning (i.e., if space is unallocated on the drive, you can create a partition out of it or, through use of utilitys, add the space to another partiion). Any data in that 'unallocated space' cannot be overwritten since the space is not available for the OS to write to (i.e., it is unallocated to a partition). There may be utilitys out there that allow you to recover files in unallocated (i.e., non-partitioned) space but I'm not aware of any. You certainly can access any sector of a drive via hex-editors but good luck trying to string that all together. I've always heard of disk space the way it is being described as 'free space'.

After having read through a couple of times, got a hard time understanding the relevancy of much of the data. Further:

- An external USB hard drive - Could'a been a borrowed disk. Say it was used prior to 7/8/2004. Was it used after? For how long? What song files were accessed? Were they on the list of shared items (if so, why not indicate - if not, then irrelevant)?

- Computer had a public IP address - If a computer is behind a router, it can have any address under the sun assigned to it. The address never makes it past the router. Any router can be set up to auto-assign any IP address to any connected computer.

- 'Administer' - I suspect that Doug meant 'administrator'. Kind'a goes back to 'unallocated space' observation above.

- 'very few user created files and several e-mails' - Personally, I don't keep any data on my program drive, including mail. Beyond this, however, there's plenty of web-based e-mail programs that the use of would result in no e-mail being on the drive.

Concur with the comment above - the 'forensic' investigator had no authority/business looking at anything other than .mp3 files since that was the purpose of the trolling expedition. To have opened that .doc file and then publicly admit it is tantamount to gross invasion of privacy which was, I believe, one of the principal concerns at the outset of this witch hunt.

Anonymous said...

With Judge Levy's record of good settlements, are we allowed to speculate how long he will take to allow the RIAAs latest effort from Dr. Doug?


Ryan said...

It is correct that you get that message, however as an admin you can take over ownership of the files and then change their permissions. As far as security goes it is more a step to prevent accidental changes to files, it does little or nothing to prevent intentional copy / read / permission changes.

Not to say that Dr. J. is anything but full of hooey 99%* of the time however.

* I say 99% percent because he probably has his name / address / etc correct :P

Anonymous said...

Looks to me like this testimony helps the Defense, not the Plaintiff.

Since they are stating dates during the time of the investigation were found on the drive, this does not allow them to allege the drive was swapped or reformated. Since this "expert" says KaZaA was not installed on it it would be impossible for this to be the drive that was detected.

The fact that some songs were played from an external drive does not prove anything. These songs could have been ripped from owned CD's, which is permitted by law. Nothing stated in the report changes that.

#15 and # 20 directly conflict. In #15 he states the defendants computer was the one that was used with the KaZaA program to upload and download files. However in # 20 he states KaZaA was never installed. It seems quite impossible to upload/download with a program that was never installed....

#16 states the computer had a public IP address. The second part about absence of a router is NOT PROVEN by this statement. Most broadband routers made can place one computer in a DMZ. This allows the one workstation to use the public IP, while still allowing the connection to be shared by other computers. Thus if this computer was in a DMZ, it does not exclude the possiblilty if the router was wireless that another machine was connected via this means and was running KaZaA.

In fact, the computer I am typing this is configured in this manner. My Linux Workstation/Server is configured with my public static IP. My router has this machine in its DMZ, but that does not prevent the other 4 machines and my network printer from operating on the internet.

I also find it quite interesting that while he says "public IP", he does not state it is the same as the IP that MediaSentry found, which im sure would have been stated if true. We dont even know if it is the same subnet, as the IP found was never stated.

Also, he makes a big deal about usernames. Just because a specific username was used for an activity, this does NOT prove the person whose name matched the username was the one that did it. Many people just let guests sit down at the machine and use it, so many people may use a single username. The example cited by Slom is an example of this, a file owned by username yanick being played by user woody.

#23, he states woody was the administrator. Unless changed, it is also very likely that the other 2 names were also administrator as well, as this is the default in XP. Thus in this light, this fact may be meaningless.

#25 fails to disclose which username was used to access the Yahoo Account. Could be very likely the music and the Yahoo might have been accessed by a different name.

#26 doesnt disclose which user was the owner of the resume file

In any case, each of these facts might have some interest to some, but is not relevant to proving the Plaintiff's case. It actually tends to show that this computer was the actual computer used by the family. Since he admits that KaZaA was never installed on this machine, looks to me that the person they are after had to be using another machine.


Art said...

I still don't understand why a motion to dismiss the case against Marie Lindor wouldn't be appropriate at this point.

The RIAA and Dr. J. have proven beyond a reasonable doubt that Marie Lindor's computer never had KAZAA on it. Since their claim is based on the "infringer" having used KAZAA, there's no way Marie Lindor could have been the "infringer".

If they drop the case with prejudice, they can still go after the "real infringer", whoever that may be. Since Woody is a non-party and not allowed to recoup his legal fees, why would he have to cooperate at all anymore unless/until the RIAA files suit against him. Maybe it's because they have no evidence against him either.


Anonymous said...

One thing struck me about Mr. Gabriel's letter. He makes a statement about how Ms. Lindor's son said he had never changed the hard drive on her system, and that this is now in question. I plug in and remove external hard drives multiple times a day to multiple computers. No person I have ever met would consider that changing a computer's hard drive. That statement can't be allowed to stand; it is a distortion, and I would hate to see a judge think that such a statement is valid.


Anonymous said...

It must be nice to be able to introduce evidence whenever you feel like it. I thought there were rules about that.

Seems to me the RIAA just admitted they have no case against Marie Lindor. They can't use this case to leverage a case against another party.

Using an external hard drive with music on it to play songs in windows media player is not tantamount to sharing files - even if sharing files was illegal, there's no evidence files were shared.

It seems as if this is just the same as saying: some user put a CD in the drive and listened to it. The RIAA has no right to say where a person can listen to music. If I want to listen to a CD, I can take it from my home stereo, put it in my computer, listen to it, take it from my home, put it in my car, loan it to a friend, whatever. For all the RIAA knows, the hard drive could be a loaner.

Finally, they asked for the computer's hard drive, and they got it. Maybe they should have asked for everything that was ever in or attached to the computer. Since they didn't, then it's their loss.


Anonymous said...

Ray: Your right, everyone calling themselves anonymous does make it hard to reference other posts.

Anonymous in post 3 may be onto something. Since they have *STATED* that kazza was *NOT* installed on this computer what are they trying to prove.

Well how does this go for RIAA logic: there was removable hard drive not turned over to us. Doesn't matter that it may be a hard drive that was not physically in the defendants control, of course, and I'm sure the RIAA won't bring that up.
Opps I went of track, and started using logic. Let me get back to RIAA thinking. Since there was a hardrive that was not turned over, the defendants can not be trusted to turn over all computers either, and therefore they are guilty.

It probably helpt to say the last part really fast and hope that no one notices there is no real connection between the two.


raybeckerman said...


1. I hate comment moderation because of the time delay it causes.... but I feel it may be necessary to omit comment spam if I allow anonymous posting.

2. Should I allow anonymous posting?

3. If someone posts anonymously but doesn't put in some kind of 'handle' should I reject the post?

Anonymous said...
This comment has been removed by a blog administrator.
Anonymous said...
This comment has been removed by a blog administrator.
Anonymous said...

Comment Policy Comments

If you allow registered user comments to post without moderation, please be aware that a LOT of the comment spammers do their hit-and-run from a throwaway registered name. Thus allowing registered names to automatically post may let comment spam slide thru anyway.

Thus, if you want to prevent comment spam, and also ensure the posts do not violate your comment policy you really need moderation. Maybe you might be able to find someone here to help you with that.


Anonymous said...

Comment Policy:

It may be useful to you to require people to register to post a comment, then moderate their first few comments. After they have proven themselves trustworthy, allow their comments to go through without moderation. Just a thought.

-- ioctl

Anonymous said...

I find the wording in (26) troubling as Dr. J. is talking about "the computer", whereas elsewhere in this supplement he is talking about specific bits - ie: hard drive, external hard drive etc.

I do not know how significant this change in specifics is, BUT it makes ME think that Dr. J. is trying to slip something past closer scrutiny.

Anonymous said...


Tim Berners Lee said something like "sometimes the only thing that saves society is the graffiti on the wall"

Anonymous speech should be protected at all costs.

As for having lots anonymous posters, of I think you overstate the problem. Be thankful for comments at all.

I.e. someone has gone out of their way to write to you. So no need to look a gift house in the mouth.

If you have a technical problem, then it needs a technical solution not a policy or legal solution. Just use the IP address to track who everyone is and give automatic endings to the usernames, e.g. anonymous1 and anonymous2.

The fact your chosen blog provider gives you poor tools is your problem, don't make it ours.

Now back to those hard drives...


Anonymous said...

Please allow people to post anonymously. There's little doubt these blogs are monitored by RIAA, so naturally people don't want even the slightest trace to be left of their connectedness to the issue, just in case.

P.S. Only Paranoids Survive.

Anonymous said...

I disagree with the poster who said
"While not impossible, it is difficult and painful to install and run Windows-based programs from removable drives. "

For some Windows programs this is true, but there are many Windows programs that are trivially able to run from removable drives. See for a couple dozen examples.

Anonymous said...

After reading Dr. Jacobsons reports here is what this layperson comes away with.

Media sentrys logs point to an IP provided by Verizon who provided it to defendant.
Defendants computer was booted from an external hard drive running Win XP along with the Kazza program.

You don't create folders on an external drive :\documents and settings\etc\etc to store stuff.

The only "hard" evidence they seem to have is from Media Sentry and Verizon. Having that WMP history entry pointing to H:\Documents and Settings\etc\etc is bad news.



Anonymous said...

It's entirely possible to have an iPod or other media player used as a mountable disk drive and thus it would seem to be perfectly legal and possible to play music directly off a media player device while Windows itself would only recognize it as an external disk drive.

The fact that music was played from a hard drive that is no longer connected is hardly exceptional and not indicative of any wrongdoing whatsoever