×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Judge Orders Piracy Trial To Test IP Address Evidence

Soulskill posted about a year and a half ago | from the your-computer-is-broadcasting-an-ip-address dept.

Piracy 321

another random user sends word of a case in Pennsylvania District Court in which Judge Michael Baylson has ordered a trial to resolve the issue of whether an IP address can identify a particular person. The plaintiff, Malibu Media, has filed 349 lawsuits against groups of alleged infringers, arguing that getting subscriber information from an ISP based on an IP address that participated in file-sharing was suitable for identification purposes. A motion filed by the defendants in this case explains "how computer-based technology would allow non-subscribers to access a particular IP address," leading Judge Baylson to rule that a trial is "necessary to find the truth." "The Bellwether trial will be the first time that actual evidence against alleged BitTorrent infringers is tested in court. This is relevant because the main piece of evidence the copyright holders have is an IP-address, which by itself doesn't identify a person but merely a connection. ... Considering what's at stake, it would be no surprise if parties such as the Electronic Frontier Foundation (EFF) are willing to join in. They are known to get involved in crucial copyright troll cases, siding with the defendants. We asked the group for a comment, but have yet to receive a response. On the other side, Malibu Media may get help from other copyright holders who are engaged in mass-BitTorrent lawsuits. A ruling against the copyright holder may severely obstruct the thus far lucrative settlement business model, meaning that millions of dollars are at stake for these companies. Without a doubt, the trial is expected to set an important precedent for the future of mass-BitTorrent lawsuits in the U.S. One to watch for sure."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

321 comments

IPs parallel the discoverable world (-1)

nerdfiles (898333) | about a year and a half ago | (#41603543)

If DNA can, why not IP? Is this a question of fact or law?

Re:IPs parallel the discoverable world (5, Insightful)

eqisow (877574) | about a year and a half ago | (#41603577)

People can share IP addresses, but only twins share DNA?

Re:IPs parallel the discoverable world (5, Insightful)

Anonymous Coward | about a year and a half ago | (#41603609)

Your DNA can get nearly anywhere very easily. If you get unlucky, you could be framed for a crime or at least it will appear that you did the crime.

DNA isn't as accurate as some make it out to be.

Re:IPs parallel the discoverable world (5, Interesting)

shaitand (626655) | about a year and a half ago | (#41603947)

Not only that, but the current testing methodology is questionable. Instead of matching the whole DNA sequence, they use a series of markers that a private company decided uniquely identifies a person. There is no evidence to support this. The statistical probabilities given that someone has the same DNA are based on the completely unsupported assertion that there is no genetic relation between these markers.

Not too many people have katana's, not too many people keep chopsticks in their silverware drawer. So you could argue that someone having both these things makes it highly unlikely the suspect is the killer. In reality, I'd venture most everyone with a katana also has chopsticks. Having both is slightly more statistically unique than having one but it is nowhere near as distinct as the individual probabilities of having these items would suggest. The same may well be true of these markers or of certain value combinations of them.

I wouldn't buy something based on a companies claim of statistical success because it is too easy to use selective information and to spin results. Why are we using this same kind of data to send people to prison.

Re:IPs parallel the discoverable world (2, Interesting)

AK Marc (707885) | about a year and a half ago | (#41604291)

The DNA tests are fine. The problem is that too many people watch CSI and don't know what statistics mean.

Instead of matching the whole DNA sequence, they use a series of markers that a private company decided uniquely identifies a person. There is no evidence to support this.

What private company? And nobody has asserted that it matches a unique person, but that it's a 99.something% match. Run that through a database containing everyone on the planet, and you get a few million positive hits, all but one an error. But that's great reliability. If you run it against the top 10 suspects, then you have better than a 99% chance it's the one that you got the match on. That's enough for a conviction, in most cases.

Re:IPs parallel the discoverable world (4, Funny)

LordLimecat (1103839) | about a year and a half ago | (#41604031)

But at least DNA doesnt change every 2 weeks.

Re:IPs parallel the discoverable world (2, Interesting)

Anonymous Coward | about a year and a half ago | (#41604281)

But at least DNA doesnt change every 2 weeks.

Logs will show who had which IP at which time. This is a non-issue.

I want to believe the court will rule that IP addresses don't prove which person used the equipment which held the address. It is consistent with how we treat cars, license plates, and drivers. Your plate is not enough for say a traffic offence, because you may not have been driving.

But I just can't justify faith in the system anymore. Honestly if I was going to bet a large percentage of my money on this, I would bet on the most authoritarian or fascist outcome possible. I would bet that the copyright cartels will get their way, even if the judge is fully aware this will result in innocent people being blamed for infringement they didn't actually do. Sadly I would probably win that bet. The courts have long ago decided that elaborate legal theories are more important than preserving and defending liberty.

I guess judges assume they are in the ruling/political class so the fascist laws they keep validating will never be used against them personally? That makes it okay, right? Somehow, in their minds? Just like so many politicians assume the massive debt won't be a real problem until long after they're out of power, so that makes it okay to them. The lowest worm or maggot is better than these people because it can't help being what it is. These people choose to be what they are.

Re:IPs parallel the discoverable world (1)

Anonymous Coward | about a year and a half ago | (#41604299)

Your plate is not enough for say a traffic offence, because you may not have been driving.

I should have made the reference more clear. This came up when red-light cameras became more common. People would often get out of the tickets because the camera only caught the plate, there was no photo showing who was driving. Like a car, a router holding an IP address can be used by multiple people. Unlike a car, said router can be used by many people _at the same time_. That alone isn't proof of who did what.

Re:IPs parallel the discoverable world (5, Funny)

Ambiguous Coward (205751) | about a year and a half ago | (#41603703)

People can share IP addresses, but only twins share DNA?

Eww, incest is gross.

Re:IPs parallel the discoverable world (0)

shaitand (626655) | about a year and a half ago | (#41603965)

Lame joke. There is nothing gross about two hot twins going at it or a 3way with the same. Arguably the hottest thing ever.

Re:IPs parallel the discoverable world (-1)

Anonymous Coward | about a year and a half ago | (#41604167)

Only if the two hot twins are female. Otherwise, faggotry is gross.

Re:IPs parallel the discoverable world (1)

Anonymous Coward | about a year and a half ago | (#41604123)

NATcest is best!

Re:IPs parallel the discoverable world (2)

pwizard2 (920421) | about a year and a half ago | (#41603597)

Faulty analogy. I could temporarily use your internet connection to download something if you leave your wifi unsecured (or inadequately secured... for those who still use WEP). I can't hijack your body and use it to commit a crime that can be traced back to you through DNA evidence.

Re:IPs parallel the discoverable world (4, Insightful)

neonmonk (467567) | about a year and a half ago | (#41603651)

Yes you can. You can easily 'hijack' DNA from someone and plant it at the scene of your crime. Hair clippings, skin flakes, spit. You could even use it to commit the crime if you so desired, but you'll need a fair bit of hair to choke a full grown man. Could be fun though.

Re:IPs parallel the discoverable world (1)

Cute and Cuddly (2646619) | about a year and a half ago | (#41603819)

Even WPA2 can be broken into. there is little security with WiFi. I do not care too much as my machine is secured (I run linux and the machine has been hardened to stop script kiddies), so I do run wifi with WPA2 and also require MAC address authentication, but I know thta if my machine were a commercial machine with trade secrets, I would have to remove the wireless card.

Re:IPs parallel the discoverable world (0)

Anonymous Coward | about a year and a half ago | (#41603841)

Plus, you don't even need to actually download anything to frame someone, as can be seen here: http://dmca.cs.washington.edu/ [washington.edu].

Re:IPs parallel the discoverable world (1)

Anonymous Coward | about a year and a half ago | (#41603969)

Great tactic. MAC addresses are bulletproof and can in no way be spoofed.

Re:IPs parallel the discoverable world (5, Informative)

LordLimecat (1103839) | about a year and a half ago | (#41604057)

MAC authentication is absolutely, literally, worthless from a security standpoint if you are using WPA2. Anyone who has the capability to crack WPA2 will necessarily have the ability to impersonate your MAC-- it is, I believe, a requirement to mount an attack against WPA2 in the first place. The fact that you have MAC auth turned on would probably not even be noticed by an attacker, and if it were, it would take all of about 5 seconds to get around.

Re:IPs parallel the discoverable world (2)

Fjandr (66656) | about a year and a half ago | (#41603957)

Usually, DNA is enough to strongly link a person or persons to a scene, just like usually an IP is strong enough to link a person or persons to a scene.

Whether there's anything more than a correlation between those links is part of the job of law enforcement and the judiciary to sort out.

There are also many cases where there are strong doubts regarding the link between DNA or IP and a person being more than happenstance in a given situation.

The analogy is far better than many seen on Slashdot.

Re:IPs parallel the discoverable world (4, Interesting)

LordLimecat (1103839) | about a year and a half ago | (#41604081)

The problem is NAT and DHCP, for which there are no parallels for with DNA.

NAT means that multiple individuals can share a single public IP, and short of the home router having logs, there is no way to differentiate between the computers behind the router based on their public IP.
DHCP means that not only might someone else have had your IP yesterday, but you might not even have your IP tomorrow, and the private IPs behind the NAT will likely shift as well.

Combined, the two of them MIGHT make an IP address sufficient for probable cause, but definitely not as a unique identifier.

Re:IPs parallel the discoverable world (1)

AK Marc (707885) | about a year and a half ago | (#41604301)

NAT only works if they are on your network. Why are they on your network? And DHCP means nothing. Most carriers don't use DHCP. PPPoE and such, maybe. And they know what IP you had at the time of the "offense". There are things called "logs". The lumberjacks roll on them in rivers.

Re:IPs parallel the discoverable world (1)

morcego (260031) | about a year and a half ago | (#41604217)

I can't hijack your body and use it to commit a crime that can be traced back to you through DNA evidence.

You are right. YOU can't do it. You are so lame.

Re:IPs parallel the discoverable world (5, Insightful)

bonehead (6382) | about a year and a half ago | (#41603601)

From the comfort of my living room I can connect to no fewer than 6 access points that don't belong to me. 2 more if I wanted to take 5 minutes to crack a few WEP passwords. If I had a mind to I could use them to download movies, music. If I really wanted to cause trouble there are plenty of worse things I could do.

There would be absolutely no way to trace that activity back to me, and the people taking the blame would be guilty of no other crime than not understanding how networks operate.

Spoofing another person's DNA would be *slightly* more challenging.

Re:IPs parallel the discoverable world (1)

Anonymous Coward | about a year and a half ago | (#41603685)

"There would be absolutely no way to trace that activity back to me,"

Some routers/firewalls do log the MAC address, so they COULD trace it back to you.

Re:IPs parallel the discoverable world (4, Interesting)

mellon (7048) | about a year and a half ago | (#41603769)

The MAC address is only available on the home router. Home routers tend not to log this kind of information, because it would involve infrequent writes of small amounts of data to flash storage, which is a really great way to make it fail quickly. So in pretty much any case where the network wouldn't be secure, there would be no record of the MAC address.

Also, it's trivial to spoof a MAC address. E.g., just run bittorrent in a vmware virtual machine, and then blow it away when you're done—evidence gone, and the log will show that you are innocent.

The bottom line is that trusting IP addresses as personal identifiers is a really bad idea, which causes a great deal of social harm for a very small social benefit.

Re:IPs parallel the discoverable world (0)

Anonymous Coward | about a year and a half ago | (#41603779)

MAC addresses can be spoofed very easily. Even if it isn't spoofed, MAC addresses generally can't be traced, they can only be used to confirm a match once the suspect has been traced by other means.

Re:IPs parallel the discoverable world (1)

LordLimecat (1103839) | about a year and a half ago | (#41604105)

They really cant confirm anything without a router or switch log. MAC address info doesnt leave the local subnet, and is simply not accessible from behind a home router.

Re:IPs parallel the discoverable world (2)

bonehead (6382) | about a year and a half ago | (#41604033)

Some routers/firewalls do log the MAC address, so they COULD trace it back to you.

Bullshit. If I was going to use someone else's Internet connection for illegal activities, don't you suppose it might be a good idea to take 2 seconds to run a script that will switch me to a randomly generated MAC?

The only way to get caught would be for someone to pin down the radio signal while the connection was in process. Once the activities were complete, there would be no traceable evidence to be had.

Re:IPs parallel the discoverable world (5, Informative)

bonehead (6382) | about a year and a half ago | (#41604109)

In fact, if a person wanted to be really nasty about it, the following would be trivial to do:

1.) I passively monitor your WLAN in the evening.
2.) In the morning you leave for work, taking your laptop with you.
3.) I assign YOUR mac address to my pc and go about my illicit business.

Police come knocking on your door, check log files if your router has them, and right there in the logs is YOUR mac address from YOUR laptop correlated with the illegal activity.

Anyone who understands wireless networking, even a little, should know that the thought of an IP address being considered legal proof of identity is an absolutely TERRIFYING concept.

Re:IPs parallel the discoverable world (1)

LordLimecat (1103839) | about a year and a half ago | (#41604089)

most that do lose it on reboot. You would specifically need to configure the device to have correct date/time (which I doubt most do), and specify nonvolatile storage for the logs (which Im quite sure most dont do).

Re:IPs parallel the discoverable world (2)

girlintraining (1395911) | about a year and a half ago | (#41603907)

and the people taking the blame would be guilty of no other crime than not understanding how networks operate.

Actually, they may understanding completely how networks operate, but have a device that requires the use of WEP (older wifi-enabled printers, anyone?). Don't assume that because something isn't secured to some arbitrary amount that the person who secured it was uneducated.

Also, there is some data left behind that could link it to you: Until the router is rebooted, it will probably maintain an ARP record (if not also a DHCP lease) in the memory of the device. That record will contain the MAC address of your wifi card, and possibly your computer name as well. People can and have been busted for this when, say, sending a death threat to the President. It turns out, the secret service does know a thing or two about this, and they pride themselves on doing anything necessary to find you, even if that means confinscating every computer in a given radius of that wifi router and comparing trace records to forensic data on each computer. Oh, and incase you're wondering -- as a matter of fact, no, the 4th amendment doesn't really apply when it comes to death threats against the president. Or any other law for that matter... they will find you.

Re:IPs parallel the discoverable world (2, Insightful)

LordLimecat (1103839) | about a year and a half ago | (#41604137)

ARP records are flushed periodically, and arent really meant for logging. Theyre stored in RAM in basically every OS AFAIK, and would be lost on reboot. ARP records would NOT contain your computer name-- only IP and mac-- but thats not even foolproof. While the MAC address of a NIC can be tedious to alter, it is absolutely trivial to poison an arp cache so that bogus information appears in the cache.

The idea that ARP caches have been used to bust people I find rather hard to believe, since ARP is a layer 2 protocol and would not be leaked when sending ie a death threat to the president-- once those packets hit your router, the layer 2 information is stripped out and rewritten with the router's own info, which is then stripped and rewritten at the next hop. Only layer 3 information survives, and only until it hits a NATting router at which point that, too, is stripped.

Cases where people are busted tend to involve ISPs who can pull up logs of who owned what public IP, and that then leads to a warrant which allows a physical search, leading to incriminating evidence on the home computer. But in the absence of such evidence, there would be no way from a network standpoint to prove whether the owner of that connection had actually committed the crime in question.

Yes, the 4th amendment still applies, but that doesnt mean a warrant cannot be issues. The 4th amendment specifically lays out circumstances in which your "right to be secure in person, houses, papers, and effects" may be violated.

Re:IPs parallel the discoverable world (3, Informative)

bonehead (6382) | about a year and a half ago | (#41604161)

While the MAC address of a NIC can be tedious to alter

1.) Boot a backtrack iso
2.) Run macchanger -r eth0

There you go, you're now operating under a randomly generated MAC address.

Not too tedious, IMHO.

Re:IPs parallel the discoverable world (3, Insightful)

girlintraining (1395911) | about a year and a half ago | (#41604305)

ARP records would NOT contain your computer name

*facepalm* I also mentioned the DHCP lease data, which would. You missed that.

The idea that ARP caches have been used to bust people I find rather hard to believe, since...

Since you can't imagine a death threat being sent and then the secret service not showing up ASAP? You think they just sit around going "hmm, should we deal with this now, or after tea and crumpets?" No -- their response time is in hours. It's a job requirement that their sense of humor be surgically removed. The ARP data will likely still be in RAM, and yes, you crack open the device, and then remove the ram (or hook clips up to the debugging ports, etc., while it is powered on), chill it, and transfer it to a reader device to extract its contents. This is not theoretical: This has been proven, the people who wrote TrueCrypt describe this particular attack in great detail in their disclaimers and limitations documentation.

And yes, there are workarounds, there are always workarounds... But are dozens of things you need to do to cover your trail, and each of those things that you do reduce the pool of potential suspects. As well, you aren't considering the other evidence that may be available -- a witness to your car being parked outside a few hours before the guys with shotguns showing up, for example. The home security camera on the neighbor's house you didn't notice. The ANPR system of the gas station you drove by on the way to the street you parked outside of. The list goes on.

Only layer 3 information survives, and only until it hits a NATting router at which point that, too, is stripped.

Yes, congratulations, you have a basic understanding of protocols. But you apparently don't understand implimentation of them in hardware, software, and firmware very well, and you're even worse at looking at the total system -- which includes things like statistical analysis, looking at words and speech patterns, timing delays in the data, other data your computer may accidentally chirp (like windows update, which sends a GUID). There's a hundred ways they can hang you -- and you only need to screwup once. Even NAT leaves traces in memory -- All it requires is a single missed ACK during the close of a TCP session, or sending any UDP data, and the state table data may remain there for minutes, hours, even days. Many NAT implimentations in firmware have problems with memory leaks caused by faulty code. Guess what's in the leak?

Cases where people are busted tend to involve ISPs who can pull up logs of who owned what public IP, and that then leads to a warrant which allows a physical search, leading to incriminating evidence on the home computer. But in the absence of such evidence...

All ISPs are required by law to store that data; They have had to for years. Also, the government has been consolidating existing wiretapping efforts into a supermassive data center intended to store detailed and comprehensive records of all communications on the internet domestically. They don't necessarily need the ISP's assistance -- though it may speed up the execution of a search warrant.

Yes, the 4th amendment still applies, but that doesnt mean a warrant cannot be issues. The 4th amendment specifically lays out circumstances in which your "right to be secure in person, houses, papers, and effects" may be violated.

You made a terroristic threat. Maybe you missed the memo, but since 9/11, all you need to do is mention the word 'terrorist' and you have no civil rights. They're detaining people in Guantanamo and elsewhere in the world without trial or charges being brought against them. A guy who merely accidentally bumped into the President spent several months in jail without a trial just last year. A government that has spent many trillions of dollars and bankrupted itself to protect against terrorism is not going to be held up by some internet critic's interpretation of the fourth amendment. The word "unreasonable" will be made to be amazingly elastic if you decide to attempt the aforementioned crime.

Re:IPs parallel the discoverable world (0)

Anonymous Coward | about a year and a half ago | (#41603649)

DNA stores a lot more information.

http://en.wikipedia.org/wiki/IPv4

Right there in the Addressing section. 4.3 billion addresses for 8+ billion people's devices, so we share them.

get away car (3, Interesting)

goombah99 (560566) | about a year and a half ago | (#41603667)

It's a bit like finding the get away car for the bank job in your house and all the neighbors agree you use it to drive to work.

Re:get away car (1)

LordLimecat (1103839) | about a year and a half ago | (#41604141)

...Except instead of it being "your car", its a ZipCar, and its shared by 20 other people on a weekly basis.

Re:IPs parallel the discoverable world (1)

Anonymous Coward | about a year and a half ago | (#41603737)

because in my home as many as 10 people can be using the same internet connection thus sharing the same ip address ... meaning there is ALWAYS reasonable doubt as to who did the downloading.

additionally the ip addresss supplied by the ISP can and will change from time to time ... meaning that you cant even be certain the downloading occured at my location

Re:IPs parallel the discoverable world (1)

mellon (7048) | about a year and a half ago | (#41603777)

Unfortunately the standard in civil cases is "a preponderance of evidence," not "no reasonable doubt."

Re:IPs parallel the discoverable world (1)

sjames (1099) | about a year and a half ago | (#41604065)

I would say that a 1 in 10 chance that the named individual was the one at that IP address at the time falls short of preponderance of the evidence. Throw in that someone might hop on their WiFi (invited or not), might spoof their address with a hacked cable modem, might use a compromized PC as a relay, or the ISPs logs may be wrong about who had the IP when, and IP address is looking like an absolutely terrible way to identify a particular person.

Re:IPs parallel the discoverable world (1)

shaitand (626655) | about a year and a half ago | (#41603983)

DNA shouldn't. Just because DNA is accepted where it shouldn't be doesn't mean IP's should be.

Re:IPs parallel the discoverable world (1)

Anonymous Coward | about a year and a half ago | (#41604121)

If DNA can

For a long time, DNA couldn't, but nobody bothered to question the prosecutors when they had an N-point match and their lab guy said it must be the right person. Some researcher decided to run through the DNA fingerprints on a lark and see how many people matched each other and suddenly there were dozens of "one in 113 billion" 9 loci matches and all the prosecutors started running helter skelter around screaming "no you aren't supposed to use it this way! Pay no attention to the woman behind the curtain finding dozens of people with nine loci matches! Make her stop! Make her stoooooooop!" (cite: http://articles.latimes.com/2008/jul/20/local/me-dna20 [latimes.com] )

These days though, the DNA technicians just swear in then lie in court rather than bothering to do the work. Hey, if the prosecutor thinks they're guilty they probably are, and when they're caught its not like the DA is going to press perjury charges against the star witness. (cite: http://www.google.com/search?q=crime+lab+dna+scandal&gs_l=news [google.com] )

Responsibility? (4, Insightful)

i_ate_god (899684) | about a year and a half ago | (#41603555)

An IP address will identify a connection, that someone is responsible for.

There is plenty of cases of Person A committing a crime or getting into an accident, using something from Person B, and Person B getting into trouble as a result.

Re:Responsibility? (0)

Anonymous Coward | about a year and a half ago | (#41603563)

And if you support those laws, you're a piece of garbage.

Re:Responsibility? (1)

i_ate_god (899684) | about a year and a half ago | (#41603745)

why?

negligence, in some cases, should be considered criminal.

Re:Responsibility? (1)

mellon (7048) | about a year and a half ago | (#41603797)

Right. If you leave your car's emergency brake off on a slope, and it rolls down and kills someone, you're responsible for that person's death. Of course, they'd have to prove that you were the one who parked the car badly. Now, what's the equivalent analogy for an open WiFi connection?

Re:Responsibility? (1)

i_ate_god (899684) | about a year and a half ago | (#41603923)

your router, your connection, your responsibility.

If you leave your wifi open, you do not suddenly become a common carrier yourself.

If you intentionally leave your wifi open, and someone uses that connection to commit a real crime with real consequences, then why should you, the owner of the router, not take some responsibility for it?

Now, that said, we have to look into the grey areas. Should a company be held responsible for an employee that uses their internet connection for bad things? What about a cafe with free wifi? I don't know.

but if I leave my personal home router open, and someone parks their car outside and starts exchanging child pornography, then yes, you can not 100% prove that it was me who transferred that child pornography, but you can say I enabled it by not taking the necessary steps of securing my wifi.

Re:Responsibility? (5, Insightful)

Anonymous Coward | about a year and a half ago | (#41603991)

The Internet is meant to be open and free. You clearly oppose that because you believe that it's easier to adopt a Tough On Crime mentality than to do some actual police work. It's much easier to just throw your arms up and say "I don't know who did this, so we're punishing you!" than to accept that you can't get all the 'bad guys'.

If you intentionally leave your wifi open, and someone uses that connection to commit a real crime with real consequences, then why should you, the owner of the router, not take some responsibility for it?

If normal people can't get away with it, businesses shouldn't be able to, either.

Re:Responsibility? (3, Insightful)

foniksonik (573572) | about a year and a half ago | (#41604009)

So if I leave my car unlocked or even my keys in my car and someone comes along and uses it to rob a bank I should be partially responsible?

Doesn't pass the smell test.

If you swap out car for tank and robbing a bank for rampaging through San Diego then it looks more like criminal negligence.

I'm thinking a misdemeanor at most for leaving a wifi connection open. That's still stretching it.

Re:Responsibility? (3, Informative)

mark-t (151149) | about a year and a half ago | (#41604107)

No... more like if you leave an open suitcase of cash on your front lawn while you go out (assuming there is no wind), where anybody walking by can see it, and make absolutely no effort to secure any of it inside your own home, then you should bear some responsibility for the fact that when you come back after a few hours, it's not all going to be there.... even though other people broke the law by stealing your property, you were still negligent in how you managed it. If that money was not ever actually yours, but belonged to somebody else, then you could reasonably be legally held liable for any that was missing.

Re:Responsibility? (1)

bonehead (6382) | about a year and a half ago | (#41604201)

So how is McDonald's not legally liable for anything and everything somebody does while on their open, free, unauthenticated WiFi network?

Re:Responsibility? (2)

mark-t (151149) | about a year and a half ago | (#41604237)

They would be... if it happened often enough to be noticed. That doesn't seem to be the case so far, however. Probably because (most) people who use McDonald's free wifi don't generally stay there for hours and hours to surf the 'net. The general case is that people are usually there to get food, and may only browse online while they are eating there. When they are done, they get up and leave. Not a whole lot of time for crime committing, overall. Of course exceptions to this can and certainly do happen, but my point is that such exceptions *ARE* just that... exceptions.

In general, the only way to really avoid liability is through common carrier status

Re:Responsibility? (1)

Drishmung (458368) | about a year and a half ago | (#41604071)

With reference to gp, to whom you were responding. You need a license to drive a car (and registration). Not to operate a PC.

While YOU certainly know how to secure a router, not everyone does. Anyone, even someone with no tech knowledge (no license required to drive the Internet) can go to the store and buy a WiFi router. Which they set up. And maybe it tells them how to secure it and maybe it doesn't. If they don't, someone can drive by and steal their connection. They can abuse copyright (a civil matter) or download child pornography (felony, so proof beyond reasonable doubt is required).

In any case, who is to blame? The person that didn't secure their router? The store that sold them the gear they didn't secure? The manufacturer that didn't make equipment that had to be secured by default?

More analogy: you leave your door open and someone walks in and downloads pr0n using your router. Is it your fault? You shut your door, which they open and etc. Still your fault? You lock they door but they pick the lock. Still your fault? You barricade the door and triple lock it with three different brands of lock. They enter through the window. Still your fault?

I see what you mean about taking some responsibility, but from a legal point of view (remember, there is no right, no wrong, there is only the Law) what do we want the Law to be?

Re:Responsibility? (2)

bonehead (6382) | about a year and a half ago | (#41604187)

If you intentionally leave your wifi open, and someone uses that connection to commit a real crime with real consequences, then why should you, the owner of the router, not take some responsibility for it?

Why should I take any responsibility for it? The person committing the crime is the one responsible. Not just for the "primary" crime, but also for the crime of ILLEGALLY using my wifi connection.

And if I had secured my router, they would have just gone down the street to McDonald's and grabbed some free WiFi there.

If some douchebag steals my shit, that makes me the victim, not the criminal.

Re:Responsibility? (0)

Anonymous Coward | about a year and a half ago | (#41603993)

Using someone else's WiFi seems to be much more akin to trespassing to me more than anything. If I leave my door unlocked so that a brilliant yet highly troubled assassin uses my house as a place to set up his gun and proceed to kill someone from. Am I responsible for the murder? Not really. Maybe (Criminal) Negligence could possibly be put on me if the murder would not have happened if I had locked my door, but that is a far cry from murder and would also be highly debatable to if me locking the door would have prevented it anyway . This is how I see IP addresses in relation to copyright infringement. While there is no way of telling who actually used the IP address to infringe on someone's copyrighted work, can you reasonably prove that the infringement would not have happened if the network was secured?

Re:Responsibility? (1)

nerdfiles (898333) | about a year and a half ago | (#41604043)

In cases like this, it seems like the Sorite's Paradox, or the problem of the heap. Does the law possess a flexible enough structure to tolerate indeterminacy? Is it a matter of the {kinds} of TCP traffic which may serve an "empirical criterion" function, like hair follicle or fingerprint, for determining identity? An IP address alone says nothing, indeed, and what's more, one doesn't simply have an IP address but a wealth metadata (hypermedia application data) that shapes, or frames, how one should interpret what that IP means. Investigators will define an IP, it seems, using a scope of relevant TCP traffic.

Re:Responsibility? (1)

shaitand (626655) | about a year and a half ago | (#41604007)

Only intentional and willful negligence leading to the harm of actual people where the negligent party had reasonable cause to suspect that might happen. Creating the potential to hinder the copyright cartels and police state from positively identifying and tracking an individual and their actions is a far cry from harming real people.

There is no physical harm that directly results from the use of an internet connection. A killer could rig up some kind of click to kill site to a machine or something but I don't think that has a "reasonable" probability of happening.

Re:Responsibility? (2)

mark-t (151149) | about a year and a half ago | (#41604129)

There is no physical harm caused in counterfeiting currency either.

Just sayin'.

Re:Responsibility? (1)

Anonymous Coward | about a year and a half ago | (#41604183)

Stop "sayin'" and start thinkin'.

Re:Responsibility? (0)

Anonymous Coward | about a year and a half ago | (#41603565)

if someone loans your car....and robs a bank......

Re:Responsibility? (1)

Anonymous Coward | about a year and a half ago | (#41603693)

If you loan them your car then you're an accessory to the crime.

But with IP addresses having potential for being dynamically assigned, having a shared IP within a single household (external at least), and several other factors which could mean that the IP doesn't belong to a single individual at all. It's also possible to use various technology to mask or misuse other IP addresses to conceal your identity and potentially mislead this identification to such a point it's beyond invalid.

If your PC is a zombie and you have no knowledge of this, does it make you as guilty as lending your friend a car to committ a crime?
I don't think so, it's easier to show where neglect to cover your own ass was made in one instance, yet in another (for most general PC users) is not a crime. It's more an example if your car gets jacked and you're forced to drive to and from a bank robbery under duress.

I may have several devices in my home - can I vouch for every one of them for security to an absolute, or can I merely show I made sufficient effort to avoid being abused and be immune to prosecution..

IP Shm-IP.

Perhaps the telcom/BB provider should be the guilty party for allowing illegal activity to be allowed on their 'roads' in the first place.

But then my car can do 100mph, it doesn't mean I should drive that fast.

I don't think I have a point, I don't think I even have an IP.

Re:Responsibility? (1)

ThatsMyNick (2004126) | about a year and a half ago | (#41603823)

If you loan them your car then you're an accessory to the crime.

No you are not. If you knew that he is going to rob a bank and still loaned him the car, then you are an accessory (for obvious reasons).

Re:Responsibility? (1)

Dan East (318230) | about a year and a half ago | (#41603913)

If you loan them your car then you're an accessory to the crime.

Only if the prosecution can prove the owner knew what they were going to use the car for.

Re:Responsibility? (4, Informative)

dgatwood (11270) | about a year and a half ago | (#41603949)

If you loan them your car then you're an accessory to the crime.

No, you aren't, or at least not in the U.S. You are only an accessory if it can be shown that you had actual knowledge that the person who borrowed your car intended to rob a bank. If someone asks to borrow my car and then, without my knowledge, uses it to rob a bank, I am not an accessory.

Similarly, you are only an accessory if you knew that loaning him or her your car would help him or her in committing that crime or evading capture in some way. If somebody tells me he or she is thinking about robbing a bank and then, in a separate conversation, asks to borrow my car to go get milk, I am not an accessory even if he or she then robs the bank using my car.

You have to have not only knowledge of the crime, but also intent to aid in the commission of the crime.

Re:Responsibility? (1)

Dan East (318230) | about a year and a half ago | (#41603905)

That's not a good example, because there should be physical evidence and witnesses of the person who committed the crime inside the bank. That is additional evidence and information that either reinforces or weakens the case against the car owner.

In this case, I think a better example is if you have a car that several family members and a few neighbors can use. You simply leave the keys in the car all the time so those people can use it at will. Late at night someone takes your car (it might be one of those "authorized" people, friends of those people that know about your car, or even a complete stranger that happened by), hits and kills a pedestrian, returns the car to your garage, and a camera at the crime scene recorded your license plate number. The ONLY evidence investigators have is your license plate number and nothing more.

No jury is going to convict someone of manslaughter based on that situation, because there is significant doubt of who was operating the vehicle. Is there liability in this case for the vehicle's owner? Certainly, but if a prosecutor goes all out, and attempts to get a murder charge, then the defendant would almost certainly be acquitted. The prosecutor would likely go after some other lesser "accessory" type of charge which would also have lesser burden of proof, and lesser penalties.

Where the vehicle owner would have the greatest legal jeopardy is in a civil wrongful death case. A jury would almost certainly find against the owner of the car.

In this case the prosecution is going all-out. The analogy is not just that the prosecution claims the owner of the car was the one operating it when a pedestrian was killed, but that the owner of the car went out and sought that specific person and ran them over.

Hopefully there will be enough jurors that think "you know, I have this Wifi thing at home too, and I don't fully understand it, nor can I KNOW that it is totally secured, so it could be ME right now on this list of defendants, because someone parked on the street near my house and downloaded music using my internet connection."

Re:Responsibility? (1)

sjames (1099) | about a year and a half ago | (#41604083)

The prosecution would have to prove that you loaned them the car knowing they intended to rob the bank. Otherwise you are just another victim.

Re:Responsibility? (3, Interesting)

msauve (701917) | about a year and a half ago | (#41603613)

"An IP address will identify a connection, that someone is responsible for."

Sure. The ISP is responsible for that IP address, and has bigger pockets than some individual subscriber - so why not go there? ISPs have fought long and hard to not be considered "common carriers," so that would be just desserts.

Re:Responsibility? (1)

i_ate_god (899684) | about a year and a half ago | (#41603749)

for the same reason that a car company won't get blamed when someone drunk drives, but the establishment serving the drinks (or in some jurisdictions, the bar tender) will be.

Re:Responsibility? (4, Insightful)

Riceballsan (816702) | about a year and a half ago | (#41603879)

Really when it comes to cars, generally the way they cover themselves, is by knowing who is using their cars at all times. Lets say hypothetically a rental car was used in a crime, anything from a getaway car for a bank robbery, to running a red light with cameras. The police contact the rental car company and ask who was driving the car with the license plate at 7:30PM on monday. The rental car company shows their copy of the ID, the form of payment they took, etc... and the police move on to look for the actual crook. Forced entry into a car, the police will likely look at as a stolen car and whatever the crime is. A loaned car, they will probably ask you who you loaned it to and analyze it. Of course open wifi, is more akin to leaving the car on the street, door open keys in the ignition, that could be negligence. IMO it's a grey area depending on how the wifi was breached, but that's where it opens up the can of worms, wifi cracking usually leaves no trace. Distinguishing, open wifi, secured wifi used by authorized users, and broken secure wifi, is where the case lies, and IMO should be required to file the suit. IMO the RIAA should have to send a goon to the location, determine if there is wifi, if there is then determine if it is open. If the location has no or closed wifi, have to work with local police and have the police obtain a search warrent, and actually prove the files are on a machine in said house. The batch lawsuits of gathering 10,000+ IPs at a time and suing them all requiring the defendants to prove their innocence is an abomination to due process.

Now whether the laws should even exist in the first place, is a whole other matter. IMO no, but that is off the subject, the discussion isn't on whether the law is right or not, but on whether just sniffing trackers for IP addresses, is enough to fairly judge someone guilty. My view on that is absofrickinlutely not.

Re:Responsibility? (2)

bonehead (6382) | about a year and a half ago | (#41604233)

Forced entry into a car, the police will likely look at as a stolen car and whatever the crime is.

And today's lesson, kids: Next time you rob a bank, throw a brick through your car window!

Plausible deniability. Good enough for presidents, good enough for us.

Re:Responsibility? (1)

gpmanrpi (548447) | about a year and a half ago | (#41603829)

Person B, generally, has to have known or should have known that something Person A was going to do with Person B's things would be used for a crime or something bad. On another note, I think you are confusing negligent entrustment theory into a copyright case. Without having reviewed the relevant case law, I find that to be a bit far fetched. Having a duty to run a secured WiFi, is a big leap, since it is not a legal requirement. You don't have to lock your door, or your car. In many states "war driving" is illegal, so that makes it unlikely that the person is going to be held liable for the criminal action of another as the basis.

Re:Responsibility? (1)

CodeBuster (516420) | about a year and a half ago | (#41604225)

so that makes it unlikely that the person is going to be held liable for the criminal action of another as the basis.

Why take a chance on that? Secure your network or else pay someone else to do it for you, preferably through a registered business, and save the receipt.

An account holder is responsible for all traffic (0)

Anonymous Coward | about a year and a half ago | (#41603593)

That is the ultimate ruling that will result from this. Don't delude yourself into thinking it will end any other way.

i'm from PA (0)

Anonymous Coward | about a year and a half ago | (#41603595)

oh god i sure as hell hope my VPN provider doesn't respnd to legal threats.

wait, was i even connected?

oh god

It can help. (5, Insightful)

TheLink (130905) | about a year and a half ago | (#41603631)

An IP address can _help_ positively identify a person.
It can definitely negatively identify a person - if the public IP is different it wasn't you doing it (assuming you weren't using that public IP :) ).

If the download was made by the IP of your internet connection at that time, then it's evidence that something using your connection was doing the downloading. If they find other corroborating evidence that it's you - e.g. the downloaded file is on your computer, in your personal folders, shows up in your download history, the computer is not normally shared, there's no malware or remote control software, then it's likely to be downloaded by you.

But an IP sure isn't sufficient alone in itself. The **AA probably want it to be like a car license plate in certain countries - where if a camera takes a picture of a car breaking a traffic speed limit, that has the same plate as your car, looks like your car, then they expect you to either pay the (usually smaller) fine or identify the person responsible so that they can do it. Or challenge it in court and pay the full fine.

However in this case they want huge fines and the fines to go to them ;).

Re:It can help. (1)

SQLGuru (980662) | about a year and a half ago | (#41604077)

So, what about this:

I can change my IP address to anything I want. Sure, if it's in use, there will be collisions and what not, but if I get lucky, it's unused. But from the standpoint of the argument, which IP address does my ISP think I have? The one I got via DHCP from their servers? Or the one I manually set (assume it's still one of the ISPs pool of numbers and I got lucky with one that was currently free). Also assume my MAC address is spoofed to BEEFCAKE or what have you.

Re:It can help. (1)

Drishmung (458368) | about a year and a half ago | (#41604177)

It depends on the ISP and how you connect, but in many cases the ISP will enable configuration so that if you try and use an IP address other than the one they gave you it will fail. This if for no other reason that a compromised or busted device sending promiscuous ARP with bogus addresses acts as a denial of service attack. See this cisco document [cisco.com] for how this works on some equipment.

Re:It can help. (1)

mark-t (151149) | about a year and a half ago | (#41604199)

I'd place not insubstantial odds that your ISP isn't going to accept data from you at all if you change your IP address to one that doesn't actually belong to you.

Re:It can help. (1)

fnj (64210) | about a year and a half ago | (#41604101)

It can definitely negatively identify a person - if the public IP is different it wasn't you doing it (assuming you weren't using that public IP :) ).

So in other words, really it CAN'T negatively identify a person. There is nothing to say John didn't visit Harry and use Harry's router to download. It can't positively identify, and it can't negatively identify. It can't identify SHIT. Not by itself.

Exactly like you said, it is merely a piece of evidence which MAY, combined with other evidence, combine to accumulate evidence against you.

This is still an issue? Are you KIDDING?! (2)

chronokitsune3233 (2170390) | about a year and a half ago | (#41603635)

Given the fact that wi-fi is so predominant these days and the fact that several access points are left unsecured as well as the fact that any particular access point routes to one of a number of IP addresses belonging to the same subscriber, an IP address is not a reliable way of determining who actually downloaded things illegally.

Good news for Tor? (2)

Press2ToContinue (2424598) | about a year and a half ago | (#41603717)

IF this spells the death of the It's-your-ip-so-that-means-you-did-it argument, then I can see Tor exit-node hosting becoming a lot more popular in the USA. On the other hand, if it is not, then ...

Big problem? No. (5, Interesting)

girlintraining (1395911) | about a year and a half ago | (#41603729)

This isn't the smoking gun you might be thinking it is. Until now, most piracy claims have been prosecuted under the idea that infringement must be willful. In other words, the prosecution has to prove intent. If you accidentally download, or stumble home late one night and while fumbling for the lights, happen to push the "download 300 gigabytes of copyrighted porn" button, intent is not satisfied. Of course, it's pretty hard to prove intent looking at network traffic -- how can you tell the difference between an action initiated by a human, and an action initiated by a computer program? Even if you can prove it's a human, can you prove which one? Digital forensics is still in its infancy, and it has clear and compelling limitations.

That's why, (drum roll please), we have crimes of strict liability. For example, possession of stolen property. Doesn't matter if you knew it was stolen. Doesn't matter if you checked all the registries for stolen products, the serial numbers -- there is simply no defense in cases of strict liability. It was found on your person or on your property and ta-da, guilty. I'll let someone with a more legal background get into why this is bad if they want in a reply, but short answer: Yes, it's abused. No, it won't stop anytime soon. This is what file sharing is moving towards -- you no longer have to prove intent, the act itself is now grounds to throw you in prison or fine you more than acts of major depravity, terrorism, murder, etc., would net you. Again, not how strict liability was sold when it came out, but that's how the way the doughnut's rolling these days.

What I'm getting at is that IP addresses might legally become evidence that the account holder did it... or it may not. But either way, it's still probable cause to search your computer, person, property, etc., and if they find ye ole pirate treasure, you're going to be just as screwed. And as a bonus, if you encrypt it or otherwise protect it from being searched, odds are good they'll tack on additional criminal charges as well, or simply hold you in contempt of court, which means indefinite jail time without appeal, trial, etc., for failing to surrender the encryption keys... even if you can prove a sudden case of total amnesia and are now a glorified vegetable who's main mode of communication is drool, you might still be rotting in jail the rest of your life.

God bless America.

Re:Big problem? No. (-1)

Anonymous Coward | about a year and a half ago | (#41603809)

Yawn, +5, grow a fucking pair and attack rather than bitch about.

Must be one of those angry overweight ugly lesbian cunts the FBI uses to infiltrate other groups of ugly overweight ugly lesbian cunts.

Re:Big problem? No. (2, Interesting)

girlintraining (1395911) | about a year and a half ago | (#41603863)

Must be one of those angry overweight ugly lesbian cunts the FBI uses to infiltrate other groups of ugly overweight ugly lesbian cunts.

I know I'm breaking rule #1 of Slashdot: Don't feed the trolls. Buuut... it's late, I'm bored, somewhat drunk, and still fabulous. First, not overweight or ugly. Second, I'm bi, but my last two relationships have been lesbian. Third, I prefer the term bitch, not cunt. I reserve that word for people who have done worse to me than making an internet post on some website only known to a fraction of the population. As far as being used by the FBI, nope -- that's what PETA is for. Didn't you get the memo? Us cunt lesbians hang out at PETA meetings, not replying to comments by the marginally literate.

Go ahead, mod me down now guys... but be honest: Every now and then, beating an anonymous coward to a pulp is carthetic.

Re:Big problem? No. (2, Funny)

Anonymous Coward | about a year and a half ago | (#41603919)

Every now and then, beating an anonymous coward to a pulp is carthetic.

No, the Kia Soul is carthetic.

Re:Big problem? No. (0)

Anonymous Coward | about a year and a half ago | (#41604049)

Did someone really reply to you like that? What the fuck? Seriously.

Some people are stupid kinds of fucked up.

tl;dr version:Caught pirating - EFF please help! (-1)

Anonymous Coward | about a year and a half ago | (#41603733)

Considering what's at stake, it would be no surprise if parties such as the Electronic Frontier Foundation (EFF) are willing to join in. They are known to get involved in crucial copyright troll cases, siding with the defendants. We asked the group for a comment, but have yet to receive a response. On the other side, Malibu Media may get help from other copyright holders who are engaged in mass-BitTorrent lawsuits. A ruling against the copyright holder may severely obstruct the thus far lucrative settlement business model, meaning that millions of dollars are at stake for these companies. Without a doubt, the trial is expected to set an important precedent for the future of mass-BitTorrent lawsuits in the U.S. One to watch for sure.

Dude, you've been nailed. Stop hoping and praying that the EFF is going to come riding to the rescue. Coming up with wild hypotheticals that BIG MEDIA(tm) is going to persecute you isn't going to help.

Jury Nullification (0)

Anonymous Coward | about a year and a half ago | (#41603847)

Time to start squeezing Jury Nullification pamphlets into every bit-torrent file. Hmm. There's an idea; can anyone whip up a Jury Nullification badge for websites?

Nope. (2)

mark-t (151149) | about a year and a half ago | (#41603891)

It can't identify a specific person. At all. The pigeonhole principle proves it irrefutably, since there are 4 billion possible IP's, but roughly 7 billion people on the planet. It is therefore impossible for an IP to uniquely identify an individual.

Although admittedly that particular argument isn't valid for IPv6... it's still true for a vast majority of IP addresses right now. Even under IPv6, however, it will probably still be the case unless (or until) we start directly associating unique IP's with particular people regardless of what kind of device they are utilizing, you still won't be able to associate an IP address with a particular person. At best, you can get only the subscriber who leased that IP. This may or may not be the individual, but an argument can be made (one that I don't fully agree with, but can see some valid reasoning behind) that a subscriber could be held accountable for activities on his or her subscription that they ought to have had the ability to supervise and approve of.

Re:Nope. (1)

Anonymous Coward | about a year and a half ago | (#41604283)

This is easy. Hand the judge your laptop and say "go into the settings and look at the IP address this computer is using. Write it down."

Next, tell the judge to browse images.google.com and type in some search terms. It is almost guaranteed that some images that show up in the results are in violation of copyright... now tell the judge he has just been identified as an infringer by his IP address. Ask him if he is guilty or you are.

The inevitable car analogy... (1)

SuperCharlie (1068072) | about a year and a half ago | (#41603925)

The IP is the car.. yes, someone owns the car or might be responsible for the car at a particular time, but they may or may not be driving it.

Must suck to live in 'merica... (-1)

Anonymous Coward | about a year and a half ago | (#41604011)

hahaha, f**k you tards... the world couldn't care less for your pathetic broken legal/patent/copyright system... enjoy your own crap... lol

ISP have messed up ip tracking as well metering (1)

Joe_Dragon (2206452) | about a year and a half ago | (#41604293)

ISP have messed up ip tracking as well metering so what a ISP says may not hold up in court.

There lot's of old cases of that hear on Slashdot.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...