Wednesday, February 27, 2008

Excellent article on Arizona cases in the Tucson Weekly

Great article in the Tuscon Weekly, on Arizona cases:

Thank You for Not Sharing

Arizonans are being forced to defend themselves against high-dollar illegal-music lawsuits filed by the Recording Industry Association of America


Deborah Weed would rather not be talking to a reporter or having her photo taken. The single mother would rather be focusing on her family, which she supports by working for a Phoenix construction company, surviving paycheck to paycheck.

Weed says she'd prefer to enjoy time with her daughter and granddaughter. Instead, much of her time is dedicated to a legal fight with the Recording Industry Association of America (RIAA).

In 2005, Weed and about 30,000 other Americans became part of what the RIAA calls its "tough-love" campaign, targeting music lovers who have allegedly shared or downloaded music illegally using the Internet.
Complete article

Keywords: digital copyright law online internet law legal download upload peer to peer p2p file sharing filesharing music movies indie independent label freeculture creative commons pop/rock artists riaa independent mp3 cd favorite songs intellectual property


Anonymous said...

My favorite part of the article is this quote:

"We have no way of knowing who is behind an IP address...." - Cara Duckworth, a spokesperson for the RIAA

Anonymous said...

That is truly an interesting thing for an RIAA flak to say, isnt it?


Anonymous said...

cranky guy -- I laughed too, but in context, it's just saying that they don't care who you are or what your financial situation is.

I also laughed at how MediaSentry unsurprisingly refused to return their calls over being a licensed investigator.

Anonymous said...


they don't care who you are or what your financial situation is.

Not true at all. If you're the son of a record company president, you'll get a strong talking-to in lieu of a lawsuit.


Anonymous said...

MediaSentry searches America's hard drives for music files being shared via the Internet.

I would call that statement into question. MediaSentry searches for music files available for any reason via the Internet. There's a difference.


Anonymous said...

I am a musician, composer, and have been designing computer networks since the late 1980’s. I was a top consultant for a major computer company, have worked as a network designer and implementer for a multinational, and have worked as technical support in an Internet Service Provider (ISP). I read this week’s article on the RIAA’s ongoing efforts to quash free use of the Internet. I see some technical holes in the way they are proceeding, and I hope some of the following is useful.

First, some background, Each computer connected to the Internet must have a unique TCP/IP address which identifies it . While it’s tempting to use the computer-as-telephone analogy, where the TCP/IP address is the equivalent of a telephone number, it breaks down almost immediately - because unlike a telephone number, an individual’s computer may have a different address every time they ‘make a call’ or connect to the Internet.

The RIAA’s watchdogs are dependent upon address discovery, and then pressure the ISP to provide the subscriber name and address based on the apparent TCP/IP address at the time of the alleged file-sharing offense. The onus is on the accuser to prove a specific subscriber had a specific TCP/IP address on a specific date or range of dates. This may prove to be difficult.

Each Internet Service Provider is assigned a range of addresses for their user base, and is responsible for assigning them. Keeping in mind that each system must have a unique address, there are two ways to assign TCP/IP addresses - ‘fixed’ and ‘DHCP’.

‘Fixed’ addresses are permanently assigned to the end user computer, as long as they are with that ISP. A fixed address is generally an extra-cost option. Because of this, each ISP keeps this information as part of a subscriber’s customer record. Only a tiny minority of ISP subscribers ever get a fixed or permanent TCP/IP address.

‘DHCP’ stands for ‘dynamic host configuration protocol’, and is a scheme where an end user system requests a TCP/IP address from a DHCP server computer, operated by the ISP. The ‘dynamic’ part of the name is where the RIAA’s identification process breaks down - because while DHCP addresses putatively have a ‘lease’, or period of time, such as 30 days, on the same system, this lease may be broken at any time, and the address reassigned.

Most end users these days are utilizing DHCP assigned addresses.

Dialup customers
While their bandwidth is too low for them to truly participate in any kind of P2P networking, their computers can receive a different TCP/IP address literally every time they dial into their ISP’s phone bank. These ephemeral address assignments are not generally stored by an ISP, in that they change constantly. So if a person accused by the RIAA is on dialup, it would be nearly impossible to prove they had a specific TCP/IP address on any specific date.

The two Arizona cable companies I am familiar with are Comcast and Cox. Neither of them offer fixed addresses, so all are DHCP assigned. It is possible to force a new address request assignment by simply powering one’s cable modem off and on. So it would be a simple challenge to the IT management of the cable company to prove a a specific subscriber had a specific TCP/IP address on a specific date or range of dates. Unless their record-keeping is superb, they will not be able to attest this.

In Tucson, Qwest offers DSL service over telephone lines. It is possible to have an ISP who leases DSL bandwidth from Qwest, such as Nationwide Internet ( In this case Nationwide does the assignment, and again, fixed addresses are an extra cost option, used by a tiny minority of subscribers. So most users have dynamic addresses. As with a cable modem, it is possible to trigger a new DHCP address assignment by simply powering the DSL modem off and on again.

There are two types of Wi-Fi hot spots - in the home or office, and in public locations. In the home, even if a (portable) computer is wirelessly connected, it is obtaining its TCP/IP address dynamically from the locale’s WiFi transponder (connected to cable or DSL) using an address range provided by their ISP. Standard DHCP.

Away from home, in public WiFi hotspots, the portable computer requests and receives a temporary address assigned from that locale’s range of TCP/IP addresses, and loses that assignment as soon as it is powered off or moved out of range of the WiFi transponder(s).


In summary, the vast majority of individual computers connected to the Internet are using temporary or dynamic addresses. While these dynamic assignments have ‘leases’, or spans of time, we’ve seen that it’s possible to get a different dynamic address at almost any time.

Since the RIAA depends upon connecting a specific address to a specific person, the obvious tactic would be to query the accused’s ISP closely regarding their policies and audit trail of these assignments. Even if the RIAA’s investigators (illegally?) break into a computer, guided solely by the TCP/IP address, and DO find shared music or movie directories, unless the computer is taken and contents examined as evidence, the connection between the computer and the person is provided solely by the ISP’s possibly-faulty audit archives. In most cases I believe the ISP will finally state that they have no way of really knowing if a specific individual happened to be using a specific DHCP assigned TCP/IP address on any specific date.

Tucson AZ

Anonymous said...

Following up on KM's analogies, instead of just pointing out how hard it is to ID a specific IP address is compared to a telephone number, you can make this analogy: A person is related to a telephone number as is an IP address is related to the number of a pay telephone that periodically moves to a different location at random intervals.

I still feel the telephone number analogy fails at this: call my home number and accurately tell me which of the 4 persons who reside here will pick up the handset. They still haven't bothered to really identify the computer they claim infringed/distributed/whatever beyond the shaky tag of an IP address, which should be fairly simple if they claim to have enough evidence to prove their case.


Anonymous said...


Very good summary of the state of Internet connection in Arizona, and generally the nation as a whole.

I note that you didn't even get into NAT, which is (to use the flawed analogy) like a whole bunch of extension phones all on the same IP, er phone, number. Just another level of complication to this whole mess, but with the way IPv4 addresses are getting used up, and IPv6 is still not ready for prime time, may have the cable companies NATing entire cable loops of a couple hundred subscribers each. Solve that one, MediaSentry.


Anonymous said...

>>I note that you didn't even get into NAT..

Absolutely. A bit too in-depth. I would posit that the RIAA's investigators wouldn't even know if NAT was being used behind a router or cable modem with a DHCP assigned address. Identification gets even shakier when there are multiple internal systems being routed through the device which rec'd the ISP's DHCP assigned address. Uh, which one?

I believe that there are huge holes in the RIAA's attempts to identify offending/P2P sharing individuals, even with craven ISP assistance, using TCP/IP addresses and online noms-de-web.

After all, our system of justice says the burden of proof is on the accuser, and that there should be no conviction if there's any doubt.. there's enough logic holes in the RIAA's investigations to obviate any convictions whatsoever.

I'd love to be available to a defending attorney in one of these cases, either as a background researcher, feeding the attorney pointed questions for the ISP, or as an expert witness. If anyone wishes to contact me for this or related issues, enter a reply to this with your email address.


Anonymous said...

KM, great post.

I do various tech support for a living, but I specialize in network and computer security. There's one thing I have yet to see mentioned in these cases.

The average computer is infested with large amount of spyware, viruses, and most importantly in regards to RIAA cases, spambots. A spambot gets its instructions from someone else (a "hacker" or spammer of various sorts) and sends spam on their behalf, by making the computer a proxy - effectively using that computer as a NAT - and using that person's internet connection for their own use.

I don't specifically know that any of the botnets made up of infected computers are doing this, but it would be trivially easy to use a infected computer as a proxy to download _and_upload_ to a p2p network.

Even if the ISP's records are perfect and the MediaSentry information of what IP address they saw they were connected to is accurate, there can still be a significant amount of doubt that the computer identified was actually the one sharing the music.