Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Analysis of MediaSentry Wins Music-Download Suit

Soulskill posted more than 5 years ago | from the somebody-call-jammie dept.

The Courts 51

An anonymous reader writes "A Dartmouth professor's analysis of MediaSentry problems helped win a New Hampshire woman's RIAA music-download lawsuit. 'Since all of Plaintiffs' claims are based on the assumption that MediaSentry's software and computer configuration are trustworthy and free of errors, and this log clearly represents a failure of the MediaSentry software to perform the operation it claims to describe, the reliability and validity of the MediaSentry method should be questioned,' wrote professor Sergey Bratus in his report, dated May 30. 'In my opinion, these materials leave critical aspects of MediaSentry's evidence collection process undocumented. In my opinion, they express unwarranted assumptions regarding both software and network technologies involved, and attempt to create an illusion of evidence-supported certainty where it does not exist.'" The full report (PDF) is available online. It's worth noting that this victory was not the outcome of a court ruling; rather, a settlement was reached that did not require the defendant, Mavis Roy, to pay anything to the RIAA.

Sorry! There are no comments related to the filter you selected.

No computer, no crime! (5, Interesting)

Geoffrey.landis (926948) | more than 5 years ago | (#28402527)

Interesting, In this one, unlike the Misisippi case, apparently the person sued by the RIAA "said she didn't have a computer in the house at the time."

Whereas in the other case, the computer itself was not an issue.

Legalese shenanigans always a mess (5, Insightful)

h00manist (800926) | more than 5 years ago | (#28402689)

Well, so now either the RIAA starts arguments that it needs to gain access to the address where the IP is registered to search the computer before the case, or everyone starts arguing they never had a computer, or that they had an open wifi access point, or other legal hairsplitting on either side. I'm all for beating the riaa in court, but I'd prefer that it _somehow_ led to a debate of the copyright and patent laws themselves, like the Pirate Party winning a seat on the European Parliament [cnet.com] , or a debate on proper amount of punitive damages [zdnet.com] the US law allows for, the RIAA reputation, etc. The Jammie Thomas-Rasset [google.com] case is being pretty helpful.

Re:Legalese shenanigans always a mess (4, Insightful)

the_humeister (922869) | more than 5 years ago | (#28403103)

The Jammie Thomas-Rasset [google.com] case is being pretty helpful.

It's helpful for everyone but Jammie Thomas-Rasset. Seriously, when you get a case brought upon you by the RIAA, you'd rather win and get on with your life rather than have to pay those bastards $1.9 million in installments until you die.

The Bands need to be asked.. (1)

ImNotAtWork (1375933) | more than 5 years ago | (#28413613)

I would like to get the bands comments on whether they thought the Thomas-Rasset judgment was fair. The RIAA is apparently representing them and going after citizens for as much as the law allows.. even if it were 150K per song. Do these bands (other than Metallica who has chosen their side already when speaking to congress) really want to be associated with the financial ruin of people who might like their songs?

I will draw a correlation to Kathy Lee Gifford http://www1.american.edu/ted/kathylee.htm [american.edu] and other celebrities finding out their named products being built with child labor in sweat shop conditions. Do you continue to let it happen or do you speak out against it? Do you discontinue your association with the RIAA? The fans and press need to pressure bands for an answer.

well before posting I looked up Metallica and they have apprantly changed their view and look to be ending their association with Warner Music. http://www.zeropaid.com/news/9440/metallica_now_embraces_filesharing/ [zeropaid.com]

Re:Legalese shenanigans always a mess (1)

Sabriel (134364) | more than 5 years ago | (#28414319)

It's helpful for everyone but Jammie Thomas-Rasset. Seriously, when you get a case brought upon you by the RIAA, you'd rather win and get on with your life rather than have to pay those bastards $1.9 million in installments until you die.

Is the debt passed to her estate when she dies? I wouldn't want to "inherit" that...

Re:Legalese shenanigans always a mess (2, Interesting)

sabt-pestnu (967671) | more than 5 years ago | (#28428847)

IANAL. Let's say that first, shall we?

Assuming she didn't declare bankruptcy, the estate would be reduced by the amount of the debt. If the estate could not cover the debt, it would be declared insolvent. Here's one answer [answers.com] with respect to credit card debt.

Beyond that, the reasonable extension is "the estate declares bankrupcy". Not even moths-in-the-wallet. Unless there was some contract specifically including the inheritors (as in the case of credit card debt on a joint account), I believe the debt is not inheritable.

Re:Legalese shenanigans always a mess (4, Insightful)

Runaway1956 (1322357) | more than 5 years ago | (#28404623)

I tend to agree with you. But, it is necessary to destroy the credibility that RIAA enjoys in court, as well as arguing the more fundamental aspects of "fair use" and "First sale", and more. I read the PDF, and it thoroughly destroys Media Sentry as a "forensics" tool, or even as a data gathering tool. More, the paper demonstrates that the people using Media Sentry to gather data don't even understand the data they are gathering, nor how to verify that data. In short, it makes idiots of everyone at RIAA, starting with the talking suits who brag their software up, right down to the "technicians" who are busting people on the web. Credibility and/or the lack thereof, means an awful lot in any court. When was the last time a judge took your word over that of a cop? This is the problem we have right now. RIAA presents itself in court as a freind of the court, and as an enforcer. It's all entirely improper, of course, but they currently get away with it.

Re:Legalese shenanigans always a mess (1)

TapeCutter (624760) | more than 5 years ago | (#28405103)

"When was the last time a judge took your word over that of a cop?"

1979 - But that was only because I was bullshitting and the cop honestly answered the question "Was I wearing sunglasses?" with "I don't recall".

Re:No computer, no crime! (1)

Wowsers (1151731) | more than 5 years ago | (#28403015)

Interesting, In this one, unlike the Mississippi case, apparently the person sued by the RIAA "said she didn't have a computer in the house at the time."

Ah ha, so she had a radio and not a computer? The RIAA will sue anyone for listening to music "for free"!

Re:No computer, no crime! (1)

Hurricane78 (562437) | more than 5 years ago | (#28403193)

Wait for the MediaSentry ProtectionSquad to invade the house and plant a computer in there. Some tiny laptop.

And wait for the following lawsuit needing a professor, before it comes clear that the laptop was built after the start of the original lawsuit. ;)

Re:No computer, no crime! (1)

sabt-pestnu (967671) | more than 5 years ago | (#28429015)

Don't be silly. There are plenty of un-wiped laptops on Ebay!

Trust? (-1, Offtopic)

thogard (43403) | more than 5 years ago | (#28402569)

What does this say about Safenet's crypto cards that they are trying to push into banking situations? Their crypto card is something like 4 times the price of Sun's.

Re:Trust? (-1, Flamebait)

Anonymous Coward | more than 5 years ago | (#28402589)

Hey douchebag, what does banking and crypto cards have to do with RIAA lawsuits? It's helpful if you know what the discussion is about before you post in it.

Legal not Technical (0)

B_SharpC (698293) | more than 5 years ago | (#28402949)

It's a legal issue not technical. Pirate a person's bank account money and the law comes after you. Pirate others tax refunds and the State comes after you. Crypto only slows down the crook and raises the cost of theft.

The State's main purpose is to stop fraud and force. Where ever the State wants, they halt theft. Otherwise, they are getting a cut of the action.

You cannot post a long list of bank account numbers and passwords without the State stopping you. Corporate banks have more weight than record companies.

Legal not technical.

Re:Legal not Technical (2, Insightful)

fishbowl (7759) | more than 5 years ago | (#28403255)

>Corporate banks have more weight than record companies.

In matters of copyright infringement, banks and record companies enjoy equal protection even though they have different risks.

In matters of theft, banks and record companies enjoy equal protection even though they have different risks.

Theft and Copyright Infringement are protected by different laws. Banks and record companies are protected by the same laws.

Of course a settlement was reached (5, Insightful)

RichMan (8097) | more than 5 years ago | (#28402603)

Do you think the RIAA wants to get a Judge to rule on that evidence?

What would happen to the other cases/business model if media sentry's data collection was ruled not a secure chain of evidence path?

Cockroaches fear the light.

Re:Of course a settlement was reached (1)

Brian Gordon (987471) | more than 5 years ago | (#28402773)

Well the defendant didn't have to accept the settlement. Not that I blame her; the legal battling hasn't exactly worked out for Thomas.

Re:Of course a settlement was reached (1)

rhizome (115711) | more than 5 years ago | (#28402941)

Not that I blame her; the legal battling hasn't exactly worked out for Thomas.

Bit of a generalization don't you think, based on one piece of data?

Re:Of course a settlement was reached (2, Interesting)

Brian Gordon (987471) | more than 5 years ago | (#28403513)

Like someone staring down the barrel of a multi-million-dollar judgment cares..

Re:Of course a settlement was reached (1)

e9th (652576) | more than 5 years ago | (#28402881)

It depends on the judge. I remember a case where a judge ruled that data that was "stored" only in volatile RAM, no matter how short the time, and never never making it to any backing store, was "stored data" and had to be retained. Think routers. The case didn't depend on that ruling, but it goes to show how that where technology is concerned, judges can make foolish decisions.

Re:Of course a settlement was reached (0)

Anonymous Coward | more than 5 years ago | (#28403413)

that was the torrentspy case.

carry on.

Re:Of course a settlement was reached (1)

Hurricane78 (562437) | more than 5 years ago | (#28403217)

Well, I would certainly counter-sue. With a ton of charges, including being a mafia, Internet terrorism, and being an enemy of the state. Something will stick. :D

Me? (3, Insightful)

arizwebfoot (1228544) | more than 5 years ago | (#28402655)

that did not require the defendant, Mavis Roy, to pay anything to the RIAA

Sometimes, life is good and all is right in the heavens.

Fighting fire with dynamite (4, Interesting)

TitusC3v5 (608284) | more than 5 years ago | (#28402737)

Is there any chance that MediaSentry's practices are a violation of some provision within the DMCA?

Re:Fighting fire with dynamite (1)

bertoelcon (1557907) | more than 5 years ago | (#28404871)

I would like to think that it might have some loophole somewhere that its running around, but it may be blatantly breaking the DMCA and none have challenged it.

It kinda seems a cop speeding to pull someone over, the cop is breaking the law by speeding, but has a duty to fulfill in catching someone else.

Re:Fighting fire with dynamite (0)

Anonymous Coward | more than 5 years ago | (#28421413)

You may be right, but these cases are civil, not criminal. You cannot chase someone who passed you on the highway at 100 MPH to do a citizen's arrest. A cop can.

MediaSentry doesn't have a duty to enforce anything. It gets a check from private companies for detecting copyright infringement and is covered by the DMCA as much as you and I are.

Re:Fighting fire with dynamite (1)

The Angry Mick (632931) | more than 5 years ago | (#28422759)

It kinda seems a cop speeding to pull someone over, the cop is breaking the law by speeding, but has a duty to fulfill in catching someone else.

A cop is lawful representative appointed by a governing authority. MediaSentry is a corporation; unelected, unregulated, and, in quite a few states, banned from operation. It should have no enforcement capabilities at all.

What we are witnessing is a private industry adopting a vigilante approach to law enforcement, simply because it doesn't like what the law allows.

One thing to remember (4, Interesting)

techno-vampire (666512) | more than 5 years ago | (#28402797)

This is an out-of-court settlement, not a ruling by a judge. It doesn't set a precedent to be used in later cases. I'd almost bet money that as soon as the RIAA's landsharks found out what the professor's report said, they fell all over themselves offering a settlement to make sure it never came up in court. That means that they can continue to use the same type of "evidence" in other cases and hope the defendant caves.

Re:One thing to remember (4, Interesting)

Xest (935314) | more than 5 years ago | (#28404455)

It also means the word needs to be spread on this so that everyone can challenge the RIAA in the same way forcing them to either accept complete defeat or allow it to be tried in court and er, end up being forced into accepting defeat.

I've always wondered why this sort of defence hasn't been tested before. Effectively all MedaSentry are providing is a screenshot and/or text files showing that their IP was being used for downloading copyright material. Of course, generating such a screenshot in photoshop that is impossible to tell apart from an authentic screenshot is trivial, similarly any old joe can knock together a text file that suggests such and such an IP was downloading some data at a certain time.

Hell you don't even have to do that, you could create an offline network setup to mimic the IPs involved in the first place.

This is the problem I have with computer crime cases in general, and in fact, even computer forensics. Even if you confiscate a PC and do DNA analysis on the keyboard to see if person x is the guy who use this computer to commit crime y can you ever reall prove someone didn't just plug a different keyboard in the computer to commit the crime?

There's a need to catch criminals who use computers for sure, but I'm concerned in computer crime cases the level of evidence required is so rediculously weak, and so easily rigged or faked compared to normal crimes that if it continues I wouldn't be suprised if we end up with a plethora of wrongful convictions coming to light over the next few decades. Of course, companies like MediaSentry are only degrading the level of "evidence" that is apparently acceptable too - if we can't really, truly prove people guilty in many computer crime cases from forensic analysis when you have access to the physical machine what kind of joke is it if you're going on an IP address and nothing more?

I hope eventually as judges and politicians become more IT literate this trend reverses, if it doesn't then it's going to be a sad future for justice as the level of evidence becomes ever weaker yet the use of electronic devices and hence the amount of electronic crimes increases. We're going to end up with a lot of innocent people in jail.

Spy sappin' my MediaSentry (1)

The Mu (1133913) | more than 5 years ago | (#28405807)

You have a point; records can be falsified. But you always have to have some faith in the evidence. If the DNA lab says that the victim's blood was found on your clothing, you can't just cry out "the records were falsified" without good reason to believe so.

In this case, there's no reason a company like MediaSentry (even being the dicks that they are) would bully a poor woman arbitrarily. The focus of the lawyer was (rightly) to show that the MediaSentry records were not tampered with in bad faith, but were grossly inaccurate.

If you don't trust any evidence, there can be no justice.

Re:Spy sappin' my MediaSentry (2, Informative)

TheRaven64 (641858) | more than 5 years ago | (#28409165)

If the DNA lab says that the victim's blood was found on your clothing, you can't just cry out "the records were falsified" without good reason to believe so.

Actually, you can. It is the responsibility of the forensic expert to demonstrate that there is a proper evidence chain and that every piece of software and hardware employed is approved for use in gathering evidence and can be held to the required standard. This is part of the reason why computer forensics evidence is expensive to obtain. Every step of the procedure has to be documented. MediaSentry didn't do this, they just ran a proprietary, unreviewed, uncertified, program and said 'look, magic 8-ball says this person did it! Trust us, we're experts!'

Re:One thing to remember (1)

sam0737 (648914) | more than 5 years ago | (#28410651)

The bar for civil case is much lower than criminal case. For civil case it is base on balance of probability.

Photoshop? Fake internal network? If that's the case it's simply equal to providing fake testimonial and evidence...everyone are supposes to not doing that because they have sworn-in, right? I mean, the professor is challenging about the accuracy of the evidence, not that they are created-out-of-nothing intentionally. These two are very different.

Re:One thing to rememberCALLING NYCLawyer (1)

Nom du Keyboard (633989) | more than 5 years ago | (#28405067)

they fell all over themselves offering a settlement to make sure it never came up in court.

Well it's out in the wild now. Can New York County Lawyer's blog broadcasting this to the world be far behind?

Too bad this didn't get out a week earlier to help Jamie Thomas.

Who in their right mind would pirate these songs? (2, Funny)

Sirusjr (1006183) | more than 5 years ago | (#28402835)

The article states that she was sued for downloading 218 songs from Lionel Ritchie, Jay-Z, the Ruff Ryders and other artists. Talk about music that no person in their right mind would bother pirating. I guess as long as I stick to downloading heavy metal, J-pop, Movie soundtracks, and other things I won't have to worry about a suit.

Re:Who in their right mind would pirate these song (2, Funny)

Anonymous Coward | more than 5 years ago | (#28403479)

I guess as long as I stick to downloading heavy metal, J-pop, Movie soundtracks, and other things I won't have to worry about a suit.

.. or friends ..

(tiptoes away quietly)

Re:Who in their right mind would pirate these song (1)

Sirusjr (1006183) | more than 5 years ago | (#28413489)

What the hell is wrong with you? Do you seriously choose your music based on popularity? The important thing is that you are enjoying what you listen to.

Re:Who in their right mind would pirate these song (2, Insightful)

91degrees (207121) | more than 5 years ago | (#28404971)

Talk about music that no person in their right mind would bother pirating.

Why not? I mean if you have taste that means that you enjoy music by these people, then it makes a lot of sense to download them. Or are you passing judgemtn on someone because their music tastes happen to be different from your own?

Let me be the first to say... (0)

Anonymous Coward | more than 5 years ago | (#28402875)

Hurray! Hurray!
Hope all RIAA victims take notice and follow suit.

Rate (1, Informative)

Anonymous Coward | more than 5 years ago | (#28403033)

Holy shit, 100$/hour for writing that, 200$/hour for being in court!

RoyMNH0977 post (4, Interesting)

Windrip (303053) | more than 5 years ago | (#28403091)

Re: traceroute logs:

It is apparent from the log that the operation has failed for the MediaSentry software, as the log shows neither the addresses nor names of the intermediary hosts nor realistic timings of packet round-trips between them and the MediaSentry computer. The fact that this standard operation has failed suggests flaws, or "bugs", in either the MediaSentry software, or in its system or network congurations, or both.

Karma for the post of this log. That should provide a few minutes of fun. I can only image what Dr. Bratus thought when he saw it.

Re:RoyMNH0977 post (1)

MojoRilla (591502) | more than 5 years ago | (#28405555)

I did a bunch of searching and couldn't find the actual traceroute, so I don't totally understand what was bad about it.

However, it is not at all surprising that the trace failed. Routing ICMP (which is the protocol traceroute uses) isn't required, and is a security concern.

And, given this was for evidence, Media Sentry should have used a tool like tcptraceroute [wikipedia.org] .

Re:RoyMNH0977 post (1)

whoever57 (658626) | more than 5 years ago | (#28406211)

However, it is not at all surprising that the trace failed. Routing ICMP (which is the protocol traceroute uses) isn't required, and is a security concern.

Uh, NO! The normal implementation of traceroute uses UDP.

Re:RoyMNH0977 post (1)

TheRaven64 (641858) | more than 5 years ago | (#28409183)

Routing ICMP (which is the protocol traceroute uses) isn't required, and is a security concern

You are confusing traceroute with ping. A typical traceroute implementation sends a UDP packet with a time to live of 1 to a host. It then gets a 'TTL exceeded' error reply from a host one hop away and resends the packet with a TTL of 2. Eventually, it gets a reply from the destination address, and stops. You can do the same with TCP ACK packets, which helps for some firewalls configured by idiots which drop all UDP packets, but I don't know of any consumer-grade equipment which does this by default.

Re:RoyMNH0977 post (1)

TheRaven64 (641858) | more than 5 years ago | (#28409195)

And, when I say ACK, I mean SYN. Not awake yet today...

Re:RoyMNH0977 post (1)

MojoRilla (591502) | more than 5 years ago | (#28411947)

traceroute sometimes uses UDP, but always uses ICMP. Read up on traceroute [wikipedia.org] . While it gets kicked off with a UDP packet (although sometimes it uses a ICMP ECHO instead), the error packets that return come back via ICMP, which is often not routed for security reasons. tcptraceroute does use SYN packets instead, and should have been used in this case.

`failzo8s (-1, Troll)

Anonymous Coward | more than 5 years ago | (#28403333)

Bad PR? (1)

missileman (1101691) | more than 5 years ago | (#28405367)

Maybe the RIAA don't want the PR?

I don't think it would look good for them winning a settlement of *quick maths*.. 214 songs by $80000 equals 17.4 million dollars so soon after the Jamie Thomas-Rassett verdict.

court (1)

benicillin (990784) | more than 5 years ago | (#28406589)

they wont be bringing suit in that court again...

Finally! (4, Insightful)

rahvin112 (446269) | more than 5 years ago | (#28408193)

The professor brings up the clear point I advocated in the first question to slashdot. There is no evidence whatsoever that Mediasentry had atomic calibrated clock information and the ISP did as well. All this evidence is based on a time stamp that could be anything, not to mention the role of Timezones. Without calibrated times at both the ISP and MediaSentry there is no validity to the evidence.

Re:Finally! (2, Interesting)

TheRaven64 (641858) | more than 5 years ago | (#28409187)

Depends on the ISP. Mine doesn't reassign IP addresses very often; I've had the same one for two years no. If they get an IP address and a timestamp synchronised to the nearest year then it's sufficiently valid.

Taking extortionists to court? (0)

Anonymous Coward | more than 5 years ago | (#28411241)

Shouldn't there be a way to take to court extortionists who make their living by relying on their victims not being able to get adequate legal representation?

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?