What Questions Would You Ask An RIAA 'Expert'?

NewYorkCountryLawyer asks: "In UMG v. Lindor, the RIAA has submitted an 'expert' report (pdf) and 26-page curriculum vitae (pdf), prepared by Dr. Doug Jacobson of Iowa State University who is the RIAA's expert witness in all of its cases against consumers, relating to alleged copyright infringement by means of a shared files folder on Kazaa, and supposed analysis of the hard drive of a computer in Ms. Lindor's apartment. The RIAA's 'experts' have been shut down in the Netherlands and Canada, having been shown by Prof. Sips and Dr. Pouwelse of Delft University's Parallel and Distributed Systems research group (pdf) to have failed to do their homework, but are still operating in the USA. The materials were submitted in connection with a motion to compel Ms. Lindor's son, who lives 4 miles away from her, to turn over his computer and music listening devices to the RIAA. Both Ms. Lindor's attorney (pdf) and Ms. Lindor's son's attorney (pdf) have objected to the introduction of these materials, but Dr. Jacobson's document production and deposition are scheduled for January and February, and we would love to get the tech community's ideas for questions to ask, and in general your reactions, thoughts, opinions, information, and any other input you can share with us. (In case you haven't guessed, we are the attorneys for Ms. Lindor.)"

I'd ask:

[Vengeance]

How old are you?

You see, I'm doing a research paper on how long a human can live without a brain.

or....was it painful...

[Anonymous Coward]

to have your soul removed?

Re:

[MightyYar]

Actually, I'm kind of curious as to what they taste like...

Re:I'd ask:

[Vengeance]

Followed by "Would you like to buy some?"

Jusst one Question

[Joe Snipe]

Why?

Re:

[Ocular Magic]

His e-mail address is dougj@iastate.edu, maybe you could ask him why directly? (pulled from a PDF listed above)

Re:Jusst one Question

[nacturation]

Why?

Actually, why this story has been posted is quite ingenious. All of the +5 responses supplied become NewYorkCountyLawyer's cross examination of the RIAA experts. It's like having access to thousands of researchers with a passion for the topic. Quite a brilliant idea, really.

Next up: Hans Reiser's lawyer wonders what questions you'd ask a homicide 'expert'.
 

Re:Dear Slashot

[LuYu]

It seems very odd for lawyers to be asking Slashdot how to defend their client. Right? If your lawyer can't do better than that, you should get a better lawyer.

Wrong. Lawyers understand the law, not technology. You could probably build a ladder to the moon with all the text that is generated on Slashdot alone about stupid lawyers and politicians getting technology wrong. This expert witness is a Geek (yes, with a capital G), or at least he thinks he is. This could not be more completely Slashdot's turf.

Lawyers do not often consult public opinon on any topic. They should be thanked for this.

Also, by the way, the lawyers here are not doing their job, they are doing your job. They are defending your freedom to share information -- which is the modern form of speech. It is every individual's duty to defend freedom. Do not criticize them for giving you a helping hand.

Conflict of interest

[MECC]

What steps would you take to prove that a screenshot is 'authentic'? If I doctored a screenshot to include a list of songs, how would you discover the doctoring? How would establish that the song names contained the correct songs and not something else? Are all screenshots unalterable?

Describe the process of 'proving' that someone's home computer used a given IP address at a given time. Anywhere.

Very good questions

[NetDanzr]

Those are very good questions. I'd add the following:

* How do you prove that the contents of the "shared" folder were actually shared with third parties? (I have a "shared" folder with music on my PC, to stream to my other PCs and my stereo)
* How do you prove the "shared" folder was not created automatically by the P2P software?
* How do you prove that the user was computer savvy enough to prevent the software from creating the folder?

Re:Very good questions

[Daemonstar]

I'd also add:

• Can you determine who was operating the computer at the time of the alleged offense? (I realize that this may be nullified by something like "criminal responsibility"; does this matter in a civil case?)
• How do you know that the defendants did not already own the material they were downloading? Or is it merely "distribution" (uploading) that is at the center of the offense?
• How is sharing a file considered "distribution"? Why does it apply here and not in other circumstances (cite thoughtful and meaningful scenarios here)?

Re:Very good questions

[whoever57]

* How do you prove that the contents of the "shared" folder were actually shared with third parties? (I have a "shared" folder with music on my PC, to stream to my other PCs and my stereo)

This raises an interesting question: how do you prove that the listed files could actually be shared and that technical means (such as a firewall) were not preventing sharing, while still allowing the listing of files?

Re:

[number11]

How do you prove that the contents of the "shared" folder were actually shared with third parties?

Indeed. A friend has a computer that runs P2P file sharing. The P2P program displays the number of query hits and uploads (for session and lifetime) for each file that is shared. Some of the files have never been downloaded. Granted, those tend to be files with names that either are completely uncommunicative ("H325B", "AnalogWholev099022.exe"), music by extremely obscure artists, and/or files that have rec

Testing

[TapeCutter]

"If they have ever run tests to see if the file matching can be fooled into false-positive matches (especially if they have not actually listened to the downloaded files), and what the accuracy rate is."

Good question, proving correctness, even for trivial software is an expensive task and the RIAA are penny pinchers.

If they do have test results then question what quality standards (eg: IEEE, CMM) were used to conduct the testing. Ask for past and present "bug lists" or anything else that displays the

Re:Conflict of interest

[Iphtashu Fitz]

If I doctored a screenshot to include a list of songs, how would you discover the doctoring?

Even more importantly, what if the actual files were doctored. If I were to create a file named "Around the World - Red Hot Chili Peppers.mp3" and put it on the Kazza network how would you determine if it's actually that song? Are you relying on just combinations of filenames and checksums/hashes? Hashes like those used by Kazza can be replicated with a bit of effort. Maybe I set up a phony Kazza server to flood the network with bogus copies of files. They'd need to download the actual files and listen to them in order to verify their authenticity.

Re:

[flyingfsck]

Even the RIAA have seeded P2P networks with bogus files, so this can easily happen.

Re:

[darkain]

This reminds me of years ago when P2P networks first started to become popular. I went into MSPaint, created a new file... I used my mouse and my "awesome" *cough.cough* art skills to wrtie the word "porn" on the screen. I would then save it as "porn.jpg", and see how many losers would download it. Now, if I where to rename that same file to "child_porn.jpg", I probably would have been arrested.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Conflict of interest

[swillden]

Realistically, if you're sharing a file with that name, it's improbable that it's not what the file says it is.

I see you've never actually used Kazaa or similar P2P networks.

Re:Excellent Questions

[mpapet]

Maybe the legal staff needs a little explanation as to why these questions are *so* important and hopefully clarifying things.

1. Screenshot http://en.wikipedia.org/wiki/Screenshot [wikipedia.org]
There is *no* way to prove where a screenshot came from. There is *no* audit trail, no chain of custody, no way to verify where the screenshot came from. NOTHING. Practically speaking it is *very* simple to completly fabricate screenshots. I'm not saying prosecution would do that, but very substantial doubt is easily established by asking the parent's questions.

2. Chain of custody on the PCs in question
Has the chain of custody been established and verified? Do you know the PC hasn't been tampered with by prosecution? Obviously you can't say that outright, but what they are claiming is almost impossible to verify.

3. What were prosecution's discovery techniques?
Substantial doubt can be established by punching holes in their discovery methods. Screenshots is a good example. Easily faked. Or maybe it's just a case of "the wrong man" because it's not clear who did the stealing which doesn't question the prosecution's standing as good lawyers so much. There will be many holes you can drive a bus through and slashdot is just the place to clarify/verify. I for one will be happy to volunteer if it sets some precedent. mpapetATyahoo.com.

4. Chain of custody on the files in question
It's possible that the files were transferred to them lawfully. Can prosecution establish a chain of custody on the files in question? Files on a computer is impossible to establish as fact the time/date the file was written. The opposite example is how easy it is to establish the time/date a shoplifter was in a store. A store employee would testify, "Because I saw them there" or "I caught them." There's no such analogy in file sharing.

5. Doctrine of First Sale
Check out the doctrine of first sale. That's a long-established precendence that may help you.

I'm shooting in the dark, but I want to help. I have a good server and some bandwidth, if you need a way to collect expert advice from the techies in maybe a wiki or slashdot style site let me know. It'll take a couple of days to set up. I'll do it for peanuts just to establish some precedent.

Re:

[trewornan]

The standard is a balance of the probabilities. That is, whatever the jury thinks most likely happened

This point has been made a lot in these comments and in theory it's absolutely right, but (as ever) theory and practice are different environments. Given a sympathetic jury (not an unlikely occurence) and the mis-matched resources of the plaintiff and defendant, substantial doubt might well be enough to tip the scales in many jurors minds.

Re:Conflict of interest

[DCFC]

I agree it is a good question, but I'd spin it slightly. I'd ask him *how* to doctor a screen, and how trivial it would be to fiddle records that showed the defendant had a given IP address.
It would take very little time for a competent person to do this, indeed to ridicule the RIAA position,I could take a couple of days with an average 10 year old would leave them able to do this, a smart 8 year old could do it in a morning.
Ask him if he's conducted a review of ISP logging s/w, as in read the source code, not as in sent an email asking if it was "OK". Would bet good money he hasn't. Actually the ISP's aren't likely to sayt their s/w is 100%. a) Because it's a lie which no one will believe
b) they don't know if it works, and don't care enough to check.
Ask him why the records sent by ISPs say in big letters words to the effect "we've no bloody idea if this record is accurate, hell we can't even get change of billing address right, or get the accounts to add up, you think we trust these records ? Dream on. We sent them because we don't want to go to jail, not because they are correct."
One question I'd ask him as an educator is
If you had a student that could not change this data to support the RIAA case, would he award them a good grade ?
Maybe follow up by asking him how many people have such training (my guess is that there are more people capable of this in the USA than firing a gun competently. Would you convict on the grounds that the prosecutor said "almost no one can shoot a target as small as a person at 25 metres" I would follow this pattern for any of the evidence produced by the RIAA
Get him to explain as their expert how it could be faked. When he claims something cannot, come to Slashdot, and I am very confident that not only can we find an "expert" who can fix it, but possibly more usefully a 13 year old with no formal CompSci education to demo how trivial it is.
There is no computer record used by ISPs or almost anyone else that cannot be faked if you have the password.
My background includes records stored by banks and a major government, and they use tapes and disks of the same brand and configuration as everyone else. Tedious, but not hard.
Even the access logs that record such changes are themselves very fragile, and are simply entries in a different easily malleable list, typically on the same system, and it's far from unknown for the access level required for the audit list to be reachable with the standard system admin password. This is the default for nearly all database systems. If his track record is accurate, then he will have the options of either admitting the evidence could be fake, or lying. Next question is to ask him the typical failure rate of IT systems. Ask him the difference between mission critical computing like you see on aircraft and medical systems and the famously buggy and bizarre scareware the utilities blunder with. Ask him if he'd convict a friend of a serious crime based upon ISP records.
No one with any integrity would do this. Then ask him what level of crime/penalty he'd accept. Good odds he'll pick music piracy. In particular it is important that you get him to acknowledge that the records say that this IP address matched an account, not a computer. This is very much not the same as saying "this computer did this". If you're lucky and this twerp does'nt read slashdot, he will say the MAC address unqiuely identifies a computer. One typically assumes this in many applications, but it is a standard documented function of many devices such as routers to take whatever MAC address you tell them.

Re:

[stoney27]

> In my country (Czech republic) we have law, that every ISP have to save its logs (including assigning IP) for at least 6 months.

So what logs are you talking about? Do they save every packet that comes to and
from you IP address? Or do they just save DHCP data with the MAC Address?
And there are some NICs that allow you to change or set your MAC address so
even that can be hard to prove it came from your computer?

-S

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Anonymous Coward]

The reality is that unless the defendent can come up with a good reason why the screenshot would have been forged, it's likely to be taken by the court as evidence, and go a long way towards a "balance of probabilities" in favour of the plaintiff. So these kinds of questions aren't really that useful. Yes, technically, someone could have forged the screen shot, but there's no earthly reason why the RIAA and the content makers would actually want to frame an innocent computer user at the beginning of the cas

Re:Conflict of interest

[NewYorkCountryLawyer]

My impression is that they
-make money on the settlements
-lose money on the default judgments and
-lose a lot of money on every contested case.

Re:

[T-Ranger]

All logs of what? "All logs" could mean "all logs you keep now", which could mean exactly 0 logs. Or "all logs" could mean "log everything", which on a, say, OC-48 would be only the trivial amount of 2405.376 Mbit/s.

Which is about 4500 terabytes for 6 months.

But lets be reasonable and say that they are only averaging 20% utilization down to a more reasonable 900 terabytes.

Which is a minimum of of 1800 drives, assuming you are using drive manufacturers math, and no redundancy. So lets say 2500 drives.

In 12 b

Re:Conflict of interest

[cpt kangarooski]

Actually, that's only the standard in criminal cases. In civil cases, the standard is the far, far lower 'balance of probabilities' standard. Simply put, it's 'whatever probably happened actually did happen' even if that probability is a mere 51%. Even if there's 49% of doubt, that's still not good enough in such a case for the defendant to win.

So honestly, if someone was accused of file sharing on the basis of them being assigned an IP at a particular time from which files were downloaded which contain copyrighted material, even if we only have RIAA's word for it, and the defendant had an open WAP, and a computer forensicist finds corresponding files on the defendant's hard drive, while we all may accept that there is a real possibility that the defendant didn't do it, does anyone think that he probably didn't do it? Because if he probably did it, despite even a very strong (but necessarily lesser) chance that he didn't, then you have to find him liable.

I find it difficult to believe that /. users would think that the defendant probably didn't do it, barring something else of particular significance.

Have you _ever_ made a mix tape?

[waterford0069]

To take one for Steven Jay Page [wikipedia.org] of the Bare Naked Ladies

Have you _ever_ (and I mean EVER) made a "mix" tape? Did you give it to your SO/love interest?

Steven's argument being that effectively EVERY person in the music industry has done this at one time or another, and to be punishing their customers from doing effectively the same thing is hypocritical.

Re:

[mr_matticus]

See section 1008, Home Recording Act.

Unless you are distributing your mixes commercially (note that money does not have to be involved) or the mixes contain illegally-acquired tracks (thereby making you a distributor of illicit copyrighted works), mix tapes are just fine.

LOL

[HerculesMO]

Gave me a funny mental image...

Imagine serenading your love interest, and calling her out to the balcony and holding up the radio to her room, hit play, and get a "Authorization Required, please contact RIAA"

Sorry entertainment on a boring work day, my apologies :)

Start easy . . .

[Dr Caleb]

Like - did you listen to the alleged data to see if it was actually a copyrighted work? Does the copyright on those works all belong to the planitiffs?

Can they verify what IP address the alleded copyrighted work was uploaded from? (Eg: did it come from a single source only?) Go back a little further; can they produce anything that verifies Ms. Lindor's computer had the IP address they uploaded from at the time in question?

Freedom

[crabpeople]

Why do you hate freedom?

A bit about Mr. Jacobson

[linefeed0]

I always hate it when academics use their position to further crap like this rather than fight the bullshit. My alma mater had plenty of these jerks too, particularly the people running the career programs in "e-commerce" and computer security. One telltale sign is that they've testified before Congress [senate.gov]. Apparently Mr. Jacobson doesn't like p2p because there's porn on it. The money shot is this bit:

There are several issues that make pornography on peer-to-peer networks more problematic than web or FTP-hosted pornography. You don't have to look for pornography on peer-to-peer networks; it will find you.

On SOVIET LIMEWIRE, PORN FINDS YOU!

Re:

[acordes]

I had Dr. Jacobson as a professor for multiple courses (including "how to hack computers") and as a Senior Design advisor. He's a really nice guy and a good teacher as well. His stance on P2P surprises me a little bit. I would have figured he'd be on the side of less strict regulations on this stuff.

Come on!

[zepo1a]

Come /.! NewYorkCountryLawyer is trying to do something good here.

Can we get serious for a minute? Please?

Re:

[teslar]

No. An important instruction is missing in the OP: what exactly do you attempt to achieve by asking those questions?

1. If it's an attempt to discredit the guy, you need to ask an expert of your own, something you won't find here.

2. If you want inventive ways to ask if he likes being the whore of a mega industry, /. is the place to ask.

3. If it's anything else, it needs to be specified. until then we'll just assume your aim is in point 2.

Re:

[Vengeance]

More importantly, can we not entertain each other in the process?

After all, that IS at least half of the function of this web site.

questions

[superwiz]

1. What measures will be taken to safeguard the integrity of the data and the data storage devices. You don't want your property destroyed in the process of investigation.

2. Ask for extensive access to all the equipment that will be used during the investigation to verify that the said equipment may not accidently harm your devices and data.

3. Ask for a comprehensive review of all the privacy-safeguarding mechanisms that the plaintiffs have in place for the retrieved data. Further, ask for an audit of the feasibility of the privacy safeguards as well as their effectiveness in actually protecting the privacy of the data.

Re:

[cain]

These just seem like stalling tactics. Eventually the RIAA would comply with the requests and the trial would continue.

Re:

[superwiz]

You are giving too much of a benefit of the doubt to the RIAA "experts". I bet you they are pretty sloppy since they are used to speaking from the position of power.

Re:questions

[crmanriq]

1. Please provide a detailed outline of what tests you wish to perform, and the tools that you will use to perform them. Are these industry recognized tools, or are they proprietary? If they are not industry recognized, please provide source code so that their results may be analyzed in context by recognized experts.
2. Please state your reasons why these tests cannot be performed by an independent laboratory by skilled professionals.
3. Please state what industry standards these tests meet that will confirm their validity. (Do they meet an IEEE or ASTM testing standard?) If no industry standard exists, then provide documented research that lays out why these tests meet a standard of proof that can and should be allowed in a court of law.
4. What specialized equipment will be used in testing? Has this equipment been certified for this use, or is this a new use of the equipment? If it is a new use, then please provide supporting documentation to certify that any results achieved will be meaningful.
5. What measures will be taken to preserve the integrity of the data so that your results may be independently verified?
6. What measures will be taken to keep the equipment free from harm?
7. What measures will be taken to preserve the chain of evidence?
8. What measures will be taken to ensure that no data is added to, removed from or changed on the by your personnel or your agents? How can this be independently verified?
9. Which of your described tests include subjective criteria, and which are purely objective? How is the subjective criteria to be evaluated, and how could an independent testing body repeat this portion of testing?
10. How long will the testing take, and will you provide a functionally equal replacement during the testing duration so as not to deprive the owners of the use of their property?

Re:questions

[DamnStupidElf]

4. Ask them if they have the necessary licenses from Microsoft and any other companies to make copies of the data on the hard disk, including any legally purchased music they might encounter. Almost every forensic software package creates a complete duplicate of the hard disk as its first step to preserve the chain of evidence. Additionally, ask them if they will violate copyright law if they duplicate the hard disk and there are illegally copied media files on the disk that they don't own the copyright to. In criminal investigations, law enforcement is generally exempt from copyright law for the purposes of evidence gathering. I don't think individuals and companies have the same leeway during discovery, so basically the entire premise they are basing their case on will prevent them from performing an accurate forensic examination. Even if they don't make a duplicate copy of the drive, they will still be unlicensed to view certain files simply because the defendant doesn't have the right to relicense them. I imagine this has come up in courts before where companies try to hide things like trade secrets and copyrighted documents from discovery, but in those cases they are generally the sole owner of those documents and can be compelled to release them. A person owns almost none of the rights to software and other media on their own computer.

I think it's only fair that the plaintiffs should have to play by their own rules, e.g. that any use or copies of copyrighted material without explicit permission is absolutely forbidden.

Re:

[Maximum Prophet]

2. Ask for extensive access to all the equipment that will be used during the investigation to verify that the said equipment may not accidently harm your devices and data.

Everytime you power up a harddrive, there's a chance that you've powered it up for the last time. While it may be recoverable, you might crash the heads, and trash all the data on the disk. Thus, short of some sort of non-invasive quantum interference device, there's no way to read a drive that doesn't involve some level of risk.

Re:

[Ironsides]

4. What sort of 'Firewall' is in place to protect private/personal files not related to the case from being accessed by the plaintiffs? (i.e. personal financial information) 5. What sort of protections are in place to prohibit modification/installation/corruption of file/programs on the defendants/son's computer by the plaintiff? (protection against planted evidence) (note, possible solution would involve leaving the hard drive in escrow and providing the RIAA with an exact copy of the HD)

What worked over there...

[kid_oliva]

May work over here. Prof. Sips and Dr. Pouwelse expert witness statement seems to be what anybody being sued by the RIAA would want to find. The inability to prove they were involved in actual contribution. I think if you can get an intelligent judge or at least be able to explain what their findings mean; you should be able to get alot of cases thrown out. If not then appeal until you get the right judge. It seems that they have to go on hunting expeditions to try to even build a case otherwise they are c

Unlawful Searches

[Timesprout]

Ask them why they retain the services of a company found to have conducted unlawful electronic searches of an individuals computer, to provide their evidence of infringement.

Attack his expertise

[Anonymous Coward]

I saw at least one false statement in one of the filings. It's not a lie so much as a total lack of understanding of how IP networks really work and how far they can be pushed. Combine that with the fact he's been discredited in Canada and it should make the court ask questions.

In particular the statement that he was able to determine there was no wireless router in use at the time cannot be substantiated. It is possible to have a wireless router that NATs you right back to your public IP. In fact, I've done it (with out the wireless part) at least twice for different reasons.

If I were you, I would set up a demo that shows this and rub his nose in it.

Agreed!

[RingDev]

In paragraph 5 he claims that the machine that downloaded the songs was not connected via a wireless connection based solely on IP address. That's some magic trick! I have a wireless router in between a pair of firewalls at my house. If someone were to get on it and download IP, they would show up to the entire world as the same IP as my cable modem.

Also in paragraph 5 he sites the computer's Registry as additional proof that the machine was not connected to a wireless router. Which I suppose might have som

To what end?

[curtisk]

Well, to what end?

ask groklaw

[SABME]

Have you considered asking this question on http://groklaw.net/ [groklaw.net]?

You might get a better response there (i.e., less noise than /.), especially since Groklaw is about legal issues surrounding tech.

Re:ask groklaw

[werewolf1031]

That would be great if he wanted legal advice and information, but he doesn't. He wants computer-related technical advice and info, which he likely won't find on a legal website. Hence, he posted to a 'nerd' website to find those technical answers. Funny, I thought he made that pretty clear?

For example, he might ask:

• Can these "experts" guarantee the authenticity of screenshots showing IP addresses, ensuring they haven't been altered? (Most likely answer: No Frickin' Way.)
• What methods were used to determine that defendant was using the IP addresses in question at the time of the infringement? Can these methods be duplicated independently by outside IT personnel? What kind of authenticity measures were applied to the networking logs indicating that the defendant was indeed using those IP addresses at the time? Are they plain text files? How can anyone be sure they haven't been altered?
• Did they verify the contents of the allegedly infringing files to ensure that they do, indeed, contain material copyrighted by the plaintiff? And yes, checksums can be faked, with some effort, so they would have to actually listen to the files. Are these files still intact on the defendant's hard drive, and if so, how were they verified to have not been placed there after seizure?

I could go on all day, but you get the point. The lawyer doesn't want legal advice, he wants technical advice. Pay attention, dude.

Re:ask groklaw

[tinkerghost]

Additionally

• What measures were taken to verify that the IP address was neither spoofed nor usurped during the period in question?

Having worked for a cable ISP, it's not uncommon for 2 cable modems on the same UBR to have the same IP address - usually a result of one of the modems failing to honor the lease time from the DHCP grant - though potentially it could be deliberately done. Add to that the joy of promiscious mode settings and you can potentially be broadcasting from your neighbors IP address with his spoofed MAC address and still get your responses back.

• Were any of the routers between the system which captured the screenshot and the defendants modem compromised at the time the screenshot was taken?

I don't recall the exact number, but IIRC one of the internal memo's indicated about 5-10% of my former companies UBR's had been compromised at some point in the last year.

• What investigations have you taken into determining if the defendants computer was not compromised at the time of the screenshot.
• If the US Government is repeatedly the victim of criminal computer access, what is the level of due dilligence required of the average citizen to prevent a compromised system from being used to illicitly trade files?

If I understand it correctly, it is their responsibility to prove that the system was not compromised at the time of the screenshot. Given the average 1st security update to a virgin XP box is 20-30 minutes and the average time to ownership is 15 minutes, I think there is a reasonable case to be made that the box may have been compromised at some point - proving it wasn't at the specified time may be difficult - especially if there are a few virus fragments laying around indicating it being 'p0wn3d' in the past.

What bugs does MediaSentry have?

[Chris Snook]

My father is an attorney, and he once told me that you never ask a question you don't already know the answer to, unless the answer cannot possibly hurt you. There are a few possible answers here:

1) I don't know.

If he doesn't know, he's not an expert on MediaSentry.

2) None.

At this point you enter into evidence a copy of The Mythical Man-Month or some similar tome, and quote figures on bugs per lines of code. You have now discredited him.

3) Lots, for example...

This will go over *great* with a jury.

This guy claims that the hard drive provided must be the wrong hard drive because it doesn't show any evidence of file sharing whatsoever, and MediaSentry claims there was file sharing. Maybe it's a bug in MediaSentry.

Re:

[UnknowingFool]

Upon reading the transcript, he compared the hard drive to the information that RIAA provided him. To him it does not appear to be the same hard drive. However, he is relying only on the information from MediaSentry and Verizon logs. I would trust the Verizon logs but who says the MediaSentry logs are correct. From the wiki article on MediaSentry [wikipedia.org]:

In Foundation v. UPC Nederland[1], MediaSentry's investigative methods were held by an appeals court in the Netherlands to be unreliable.

Whatever.

[arkanes]

Did none of you read the PDF? The expert report says that the hard drive provided to him was *not* the one used to share the files. He doesn't discuss his methodology in any detail, but it's reasonable enough. He states that, based on his analysis of the hard drive that the machine was directly connected to the internet (not via a router), which is easy enough to tell from the IP address assigned, and that it does not and did not have Kazaa (apparently the p2p program used) on it. From the other links, it sounds like they're claiming that his isn't the hard drive they wanted, from the machine they wanted, and that they're trying to get access to the sons hard drive based on that. Assuming that the expert isn't totally incompetent and/or lying, he's right. If this hard drive is from the machine that had the IP addresses in the subpoena from Verizon (he says he has access to the Verizon information, but not whether or not the IPs match up), then you have a pretty airtight dismissal - no evidence of sharing, lets go home. If they're trying to claim that the son probably brought his machine over, you're going to have to rely on legal arguments rather than technical ones. It's certainly possible that he did, but I don't know enough about the law to say whether that matters in a case like this. The case is against her, not her son, so can't you argue for dismissal on that alone? If they're claiming that you gave them some totally unrelated drive, you're going to need to document where that drive came from. I assume you have all your ducks in a row with regards to the chain of documents and evidence for that drive. If you don't, then someone screwed up along the way and someone is going to pay for it - probably your client and her family. That's not something interrogation of this witness will help you with - his analysis of the drive is probably correct. What he's saying is that he didn't find the evidence the RIAA wants on the drive, so prove that's the drive they asked for and go home.

Re:

[Dunbal]

Did none of you read the PDF?

      Come on, this is slashdot! We don't even read nice HTML articles, much less a nasty PDF! Now if it was a jpeg and had some titties...

Re:

[TubeSteak]

I agree with everything you've said 100%.

However, NewYorkCountryLawyer is looking at the bigger picture beyond just this case. Since very few of these cases make it past the settlement letter stage, it behooves the defense to get as much information as possible each and every time.

The idea is not only to dismiss this case, but to air out as much of the RIAA tactics, methodology and bullshit as possible.

Or at least I assume that's what is going on here, otherwise why bother to depose the RIAA experts?

Other computer, other IP address.

[whoever57]

IP address assignment varies by ISP and also within ISPs, but my experience is that if I disconnect my PC from the cable modem and connect a different computer to the same modem, it will get a different IP address.

Thus, the idea that the disk is from a different computer that had the same IP address is unlikely, at least with my ISP.

Real questions

[realmolo]

I read the PDF report from the RIAA's expert.

Seems that he's saying that the hard drive he examined contained NO TRACE of Kazaa ever being installed, and no trace of any "shared files". He goes on to say that the hard drive appeared to be hardly used, since there were very few user-created files. The implication is that the hard drive he examined is not the hard drive that was used to share music, or that it had been completely erased at some point.

I would ask him about the possibility that the hard drive was reformatted in the process of re-installing Windows, via an normal Windows CD or especially a "restore CD". And I would also ask him if it is possible that Ms. Lindor re-installed Windows because she was having other problems with the computer, and a re-install was the simplest way to fix those problems. I would also ask him if formatting the drive and re-installing Windows is a common way to repair computers that have become unusable due to viruses and spyware. I would also ask him how common spyware and viruses are, and how a user such as Ms. Lindor would be able to fix a machine infected with spyware and/or viruses without resorting to formatting her hard drive and re-installing Windows.

Basically, reformatting the drive is a perfectly legitimate thing to do when Windows, or any operating system, becomes "unusable" due to corruption of system files by malicious software. Just because her drive is "empty" doesn't mean she is trying to hide evidence. She may have done it simply to get her computer working again.

Re:

[Iphtashu Fitz]

I would ask him about the possibility that the hard drive was reformatted in the process of re-installing Windows, via an normal Windows CD or especially a "restore CD".

Excellent points, and a perfectly valid line of reasoning. This goes perfectly in hand with my last post [slashdot.org]. After my brother determined that his Windows PC had been hijacked by some malicious software to use it as a P2P site for porn he decided to wipe the drive and re-install from scratch. If it had been sharing mp3's instead of porn then

Re:

[Speare]

I would also ask him how common spyware and viruses are, and how a user such as Ms. Lindor would be able to fix a machine infected with spyware and/or viruses without resorting to formatting her hard drive and re-installing Windows.

Then I would ask him about the Sony rootkit, and how a user should remove such unauthorized software if not by formatting and reinstalling Windows. And so on.

Re:

[UnknowingFool]

On the surface, it looks like the defendant is hiding something (namely a harddrive) however, if you delve a little deeper you see that the expert might actually prove the defendant's case.

All the expert did was compare the hard drive to the one that should exist according on MediaSentry's logs and Verizon's logs. He concluded that they were not the same HD. However, the expert did not authenticate either Verizon's nor MediaSentry's data. Normally experts are only asked to testify on a specific subject.

what proof does RIAA have that this is not license

[swschrad]

as I understand things, under the law of the land, which is also called "fair use" provisions of the copyright act, you can have as many copies of a licensed work as you want, as long as you always hold onto The One that the license came with, and only one is in use at any one particular time.

it is my understanding that you are also permitted to keep these copies on alternative media.

the questions:

(1) so if little boopsie decides to download an MP3 of "screaming babies," for instance, because little boopsie

Re:what proof does RIAA have that this is not lice

[mr_matticus]

Your first question really outlines the problem with this litigation. The RIAA doesn't go after people for downloading a song here and there--they go after people with a few hundred, for the most part, because it's likely that they don't own CDs of all or even most of them.

Beyond that, anyone who gets caught should consider the costs of litigation and potentially losing vs. going out immediately and buying the CDs containing all the downloaded works. However, you still have to contend the with 'illegal

Odd

[bmajik]

The expert report says two things:

- based on the ip address (of what? how was it determined), he thinks the computer wasn't connected to the internet wirelessly (i hope he's smarter than this and is just leaving out details)

- he doesn't think the harddrive they've got was one that ever had kazaa or any media files on it. IOW, its not the "right one"

Prove it!

[wynler]

Can you prove that the user was not licensed to possess the file? Does he, a neighbor, a friend or otherwise own a license? Was this license temporarly used on this computer? if so then there is always going to be a trace of the file.

For example, I own a copy of Artist A's cd. I share this CD on a P2P network so that I can play it for my friend at his house (FairUse). I then delete the file when we're done.

Nothing unethical took place in the above scenario.

Technical side. Publi

Could the defendands computer have been hacked?

[Iphtashu Fitz]

Here's one for you:

Is it possible that the defendands computer was compromised in some way by a third party without their knowledge, and that the third party was the one who put the music on the computer and set it up to be shared?

I was at my brothers house over the xmas weekend and he was complaining about odd behavior on his Windows PC. The mouse simply stopped functioning properly in a number of applications, etc. He's on a DSL line but behind a router/firewall, with a software-based firewall and virus scanner installed. I decided to do a thorough check myself, however, and discovered that there was a directory containing over 2 gigabytes of porn that he knew nothing about. It was quite obvious that some sort of malicious software had made it onto his PCand turned it into some sort of porn file server, probably for some P2P network. Now my brother is no Windows expert but he's fairly savvy technically (college grad with a computer science major, MBA from a well respected business school). If he couldn't detect this going on with his own computer then how could a computer-illiterite person be expected to?

The obvious one

[grazzy]

How much of the money RIAA claims goes back to artists who created the music?

What I'd like to ask

[rewt66]

... but you probably shouldn't:

Isn't your client's stupid business model costing him far more money than the file sharing is?

Stuff that might actually be useful to ask:

- As someone else said, how do you prove that the screen shots have not been altered?
- If the screen shots are backed up with packet captures, how do you prove that those were not altered?
- Given that both IP and MAC addresses can be spoofed, how do you prove that the defendant's computer was actually the source of the packets?
- Given that the titles of stuff on a file sharing network may have no relationship to the contents of the file, how do you prove that the file actually contained material copyrighted by the plaintiff?
- Each song that the plaintiff says that the defendant illegally shared/distributed was not actually written or recorded by the plaintiff, but by an artist. The copyrights were assigned to the plaintiff as part of a contract with the artist. For each song, prove that the plaintiff has valid control of the copyright by having met all the terms of the contract with the artist.

I really like this last one. If the RIAA has been stiffing the artists on their royalties or with funny accounting, they're going to have to run the funny accounting past a judge, and justify why they get to sue for copyrights where they are ripping off the artists. Even if they can give an accounting that passes the laugh test, it enormously increases their workload in the case.

I read the PDF...

[Shadowruni]

Item 5 is too vague, I can set my router to say whatever IPs I want, good net citizen doesn't do this but non-reputable... IP addresses are not.

Item 6 is simply a fishing expedition, IANAL but last time I checked this is legal but HIGHLY contestable. The rest of the content isn't very good as it's akin to saying that since *you* own a gun you may know who shot someone else *ANYWHERE IN THE WORLD* with a gun.

Item 7 isn't that good either but it *does* show that the person in question is related to the person there.

All in all I'd say what you have to overcome is the CSI/Law and Order effect of IPs being traced like a phone call to the exact address because that's what you're up against.

Also what are they using to take these screenshots, did they have a warrant (RIAA tends to forget they're NOT law enforcement). "We use encryption" is not a valid answer for that as both MD5 and SHA-1; standard hashing functions used to prove that data has not been tampered with have BOTH been proven to have collision domains (places where different data can have the same hash).

Ok, on to the questions. Since you didn't say the field of the

First off I'd ask about the screenshots and then if he brought out the encryption statement, I'd tear him apart on that, Stealing the Network: How to own the box, (a great book on network security, stories are fictional but the technology is VERY real), has some great layman's explanations for this. If they say it's proprietary then you can tear that apart with enough ammo for NSA people and such. (no one rolls their own crypto it's just too hard, just because *you* can't break it means absolutely nothing, CSS, Apple DRM, Comcast crypto anyone?)

Then I'd ask how they got the numbers for the values of their songs and I'd then rip apart the logic on that as I heard it's something like 730 a song, so then that means that a Vanilla Ice song makes as much money as something from The Game.

Then I'd ask about the full enforcement of the copyright laws and then if they felt exceptions should be given, and demand a yes or no from them. Then point out that the children of the CEO of Time Warner stole music [slashdot.org] and just leave it at that.

That's all I could come up with in five minutes. I tend to equate the RIAA lawyers to humans (but not *AS* humans) in two words "Mostly Harmless".

IANAL.

[mmell]

But TLP'er is, so here goes...

On initial analysis, the gentleman does appear to be qualified to render "expert testimony". I assume that his bona fides are in order. The fact that jurisdictions outside the US don't acknowledge his expertise is irrelevant - this gentleman's qualifications appear (unfortunately) to be impeccable.

Many of my associates here on /. to the contrary, the plaintiff will probably have little to no difficulty establishing whether or not the suspect computer in this case was using the IP address from which the plaintiff alleges the copyright infringement took place. Likewise, based on the ISP records, the plaintiff will probably have little difficulty proving that their record of the shared content as identified from the plaintiff's computer is an accurate and correct representation of that IP address' activity. Attacking the accuracy of their data (showing a computer at the defendant's IP address was sharing files via P2P technology) will probably likewise prove unproductive; and as I'm sure you're aware, making allegations of misconduct without evidence on your part to support your allegations could be very bad for your professional situation. To my /. fellows, remember that this is a civil case - the standard is not "proof beyond a reasonable doubt" but rather "a preponderance of evidence". With that end in view, rather than attacking the assertion that illegal file sharing took place from that IP address you should try to establish whether or not Ms. Lindor's computer contains evidence of this illicit activity.

While Ms. Lindor has been named as the defendant, I would suspect that the plaintiff's case hinges not on alleging that Ms. Lindor actually performed the acts in question, but rather that by providing internet connectivity and/or computer equipment which was used to ostensibly perform this act, Ms. Lindor is liable for damages caused by this act. However, the plaintiff's entire case rests on proving that the physical connection used to perform this act terminates with Ms. Lindor's residence and computing equipment (areas under her control). You should have little difficulty finding your own expert in the IT field, one who can demonstrate ideas such as MAC and IP address spoofing to gain illicit access to a network. Your expert should also be able to establish that (barring an extremely involved investigation which did not take place at the time) these items, while intended to be unique to a single computer connected at a single point to the network, are in fact easily forged. It should then prove trivial to explain why these items can not be used to positively and uniquely identify Ms. Lindor's computer and network connection.

Finally, you might consider analyzing the state of Ms. Lindor's equipment. If she was using any version of wireless networking, that would imply an even greater likelihood that the acts in question were performed with neither the knowledge or consent of Ms. Lindor. Insecurity in wireless networks has been a problem practically since their inception; and while Ms. Lindor may still have some liability (much like the registered owner of an automobile may be liable for damages caused by a thief who stole that automobile), this may be a factor in mitigation or extenuation of the alleged infringement.

Incidentally, you should ensure that UMG is fully aware of what the news will make of all this after a verdict is rendered. "Single mother loses home, life savings to music industry" would make a great headline, and I'm sure you could find more than a few sympathetic journalists to write an appropriately scathing article to go with it. As you're well aware, the courts aren't the only courts in this country; the court of public opinion can be a monstrous thing to those unwary enough to stand in its path!

Here's an obvious one...

[supremebob]

"Why do you think that US copyright laws apply to Russian businesses?"

I'm referring to the RIAA 1.65 Trillion dollar lawsuit against AllofMP3, of course.

Discovery questions

[gregor-e]

Since this is the discovery phase, I'd ask plaintiff to produce documentation substantiating the validity of the copyright for each claimed infringement, along with a complaint from each rights-holder or designated representative for each instance of alleged infringement.

I'd ask for specific evidence that establishes the defendant as the perpetrator of the alleged infringements, especially evidence that excludes the possibility of defendant's computer having been used, perhaps unknowingly, by an outside party - friends, hackers, etc. The presence of an 802.11 connection could make this especially tricky. It shouldn't be too hard to come up with numerous examples of people's PCs being taken over for illegal purposes, thus decreasing the strength of the 'preponderance' that shows defendant committed alleged infringements.

I'd ask for information supporting plaintiff's allegations of damage. Given the high likelihood that all of the infringed properties are available anytime, from any internet connection, by any subscriber willing to pay $6/month to Yahoo! Music Unlimited, any claims for damages beyond $6 per month total (or, more precisely, whatever fraction of the $6 the rights-holders would actually receive from Yahoo), are obviously egregious.

I would ask THIS question

[thanksforthecrabs]

Are there or have there ever been any operating system exploits that could allow someone to remotely connect and allow said "hacker" to upload and share copyrighted material? I know very well of one small business that had a virus that set up a hidden FTP server of French porn. Would the small business be liable in this case?

Discredit him thoroughly

[Xenographic]

Obviously, we know several things:

* Screenshots are unreliable. They're easy to fake. I suggest you have a few fakes on hand.
* Thus, the chain of evidence *IS* the evidence and the only evidence. Make sure you know EVERY detail about it.
* You can't really prove which person was at the computer without something else to corroborate it, only the owner of the computer.

These are the biggest apparent gaps. You need to know everything about them and to dump as much as you can into the public record for us. You also need to document all the "I don't know" answers, because those will be the ones where you might hurt them the most.

Therefore, you should question him in detail on at least the following points:

* How are the screenshots taken. Who has access to them? What's the chain of evidence? How and where are all of these things stored? Are they stored in a secure manner? How would you know if they were altered?
- Make doctored screenshots. Have him "authenticate" the fakes. Bonus points if you do this in front of the jury. Double bonus if the infringing IP is that of riaa.com, sony.com or similar. WARNING: This is a public site. He may VERY well be reading this.

* Describe, in detail, the exact process by which you find those allegedly infringing upon your copyrights. Be methodical. You want to know the exact version of the OS they're running (not just "win XP" or "various"). You want to know EVERY program they use, even if it's MS Paint. You want them to produce the source code of any custom programs for analysis by outside experts. You want to know about any known flaws. You want to see any and all release or design notes, ESPECIALLY any bugs, source/versioning control, changelogs, etc. You want to know which exact version of their custom program found the infringement for this case. That does NOT let them off the hook on letting you examine prior versions or newer versions--old bugs DO stick around even when they've been "fixed" and you need to see both newer and older versions. I.E. if the bug has been fixed twice, you know it was there in the interim. Yes, they may put out protective orders and whatnot, but the more information about this you can get into the public record, the more they'll squirm and the more we'll reveal the sloppiness they're hiding. And I know they have things to hide, unless they're so clueless as not to know their own weaknesses. You can work both alternatives to your advantage.

* Describe how the ISP identifies the person associated with the IP. You may actually have to subpoena the ISP on this point, I suspect they'll just produce the letter and say that that's sufficient. It's not. We both know that even if the IP belonged to a computer using their internet service, they don't have any idea who's at the screen at any given time, only which account is active. And even this may be unreliable. You NEED to get every last detail about how they log the IPs leased out, how they associate them with their customers, where the data is stored, how long it is stored for, who has access to it, on what computers it's stored, how reliable those computers are (e.g. any records of maintenance, program changes or downtime), etc. You're the lawyer here. You know better than I how important being methodical in discovery is, and every detail may be significant. I suspect they'll have trouble producing everything. Records may not exist for some things, but this is also important--every gap is a gap in their chain of evidence. It takes only one broken link to destroy a chain... Get EVERY detail you can from this into the record and make sure it gets sealed or redacted as little as possible. All these details about software, hardware, and the human processes that work with them are of vital importance to us for technical analysis, just like case law, venue and precedents are to your case. Even the programs they don't use directly, like antivirus or firewall software may be important, not to mention the topology of thei

Stick to the fundamentals...

[geoff lane]

Stick to the fundamentals...

How does that RIAA know that a given computer was under the sole control of the current owner? A badly secured Windows PC may be under control of somebody a thousand miles away.

"Just how can you sleep at night?"

[The_REAL_DZA]

Or, more interestingly, "Where do you sleep at night, and are you a sound sleeper?"

Questions and Doubts

[Flamefly]

Point 5 in the experts paper, is that he establishes that the computer wasn't connected to the Internet via a wireless connection:

"Based on how IP addresses are assigned, it is not difficult to determine whether a computer was connected to the Internet via a wireless router." ... "I base this on the data mentioned above, as well as on the registry entries recovered from the computer and the fact that there was no internal IP address here."

I assume this is to counter the argument that anyone could have been using the connection. It seems that from looking at a hard-drive it would be problematic to find how a computer was connected to the Internet at a specific point in the past. DHCP means nothing need be set, so I find it strange that the lack on an internal IP address would be proof against it. Ask the expert if there would be a record of an IP change on a specific date, and where that record is located.

In point 6, he mentions

"...that this hard drive was not the same hard drive that was used to share copyrighted sound recordings as shown by the MediaSentry materials"

How can you be sure it's not physically the same hard-drive? Did MediaSentrys information include serial codes for the hardware? Had the hard-drive been formatted to repair a spyware-ridden Windows installation (addressed in an earlier post in this discussion). How invasive can spyware and trojans be?--Could someone externally have been using the defendants computer as a proxy if this was the case?

Perhaps the most compelling quote from the expert is

The hard drive that was provided and that I inspected, showed little usage at all, as evidenced by the lack of user created files and e-mails, and did not reveal the evidence noted above, which I believe the correct hard drive would certainly have shown.

How much is enough user content? I know people who use their machine for Internet, including webmail. They don't have any office products installed, nor do they go to uni, or use the machine for work, their entire content floats around their temporary internet files directory, which can be wiped with a few clicks.
It may seem unlikely to an expert who is so engrossed in technology that he simply doesn't consider that someone might use a machine for simple leisure.
Also, what timestamps are shown for the system files, that should more accurately date the installation time, but even so, dates can be very easily changed. Keep hammering home how very malleable data is, it will help to give the defendant wiggle-room, but also make MediaSentrys information all the less solid.

Above all the specifics, ask how can MediaSentry be sure that the client was aware they were sharing files (I know people who have had horrific experiences using and getting rid of P2P programs) and that any infringement took place. How can they be positive that the files they recorded as being shared by the user had indeed been shared (transference of data), and were infact the songs they were named after (A rose by any other name...). If MediaSentry downloaded the file to check, how can they be sure others did? Especially in a world of P2P, where one downloader might get one file from a hundred sources, perhaps that if files were downloaded from the user, the user actually contributed 0 bytes.

There is such an incredible amount of doubt in anything like this. Use it to your advantage.

here's my strategy

[greenrom]

First I'd use their own witness to establish a possible defense for the alleged infringement. Then I'd point out how weak the argument for claiming the hard drive he examined is not the correct one. Finally, I'd establish that there is no evidence that the hard drive they're trying to subpoena contains any evidence of infringement and portray the whole thing as a big fishing expedition. Let me walk through these 3 in a little more detail.

1. The witness claims the computer was not connected to a router because of the IP addresses he observed in the registry. The addresses you'd typically use for a home router are non-routable ip addresses like 192.168.*, 172.*, or 10.*. These are special address ranges that don't appear on the public internet. Routers use them because you can guarantee that the IP addresses assigned to computers by the router will not conflict with any other address. While it is possible to configure most routers to use a different routable address, the assumption the defendant makes is probably reasonable. However, if no router is being used as the witness claims, then the attached computer did not have the protection a router's NAT provides from outside attacks. I would grill him on this. The theory I would push is that since the computer was insecure, someone else did the infringement but used the defendant's vulnerable computer to run proxy software to hide their illegal activities. This sort of thing actually happens quite frequently. If you search, you can find lots of software for doing this. Further, proxy software isn't that difficult to write. Anyone with a good programming background could easily write one, and anyone with a good understanding of networking who wanted to do something online without it being traceable back to them would likely use this exact technique. Virus scanners already detect many of these programs, but there are many, many more that the virus scanners don't know about yet. I would get him to admit this. There are many, many ways to hide software like this, so even if you look for it and don't find it, you can never be completely sure it isn't there. That's why many experts will tell you that if a system has been compromised, the only sure way to restore it to a secure state is to wipe it and reinstall everything. There's just too many ways to hide malicious software to be sure you found everything the attacker did.
2. I'd point out the many other conclusions one could draw other than, "this must be the wrong hard drive." One possibility is the proxy explanation I gave in #1 - kazaa wouldn't be on the computer in this case. Another explanation for the lack of files on the computer is that the defendant just didn't use the computer very much. Another explanation would be that the computer recently had the hard drive formatted and the software reinstalled - I believe this is undisputed. An explanation for the lack of kazaa files is that kazaa was never there in the first place. Essentially he's saying, "I was told the person using this hard drive was using P2P software to share files. I don't find any evidence of that on this hard drive, so this must be the wrong hard drive." Another explanation is that it's the right hard drive, but that kazaa was not being used and the defendant didn't even use the computer that much. If you try to say a format and reinstall would wipe away all evidence of kazaa, he might try to claim that the forensic software he used could still detect it as not all the data gets overwritten. This is true, but to counter this, ask "Is it possible the data you were looking for could have been overwritten when the operating system was reinstalled?" His answer will be yes. "Could your forensics software detect that data after it has been overwritten by other files or when the operating system was reinstalled?" His answer will be no.
3. Finally, portray the whole thing as a fishing expedition. Ask him about how widespread the problem of illegally sharing files with kazaa is. Ask him if you randomly just

Here's a few

[Ironsides]

I'm reading over the PDFs and typing this up as I read them, so it may seem a bi unorganized.

1) You state that because you found the resume of Gustave Lindor, Jr. on the defendants machine that this "document indicates he was living and working in Brooklyn, New York during the dates that the copyrighted music was being shared."
Point 7, Page 5 of the 'expert' report

a) How does this prove that Gustave Lindor, Jr. was using the machine and that he had not, for instance, e-mailed the resume to his mother (the defendant) for advice or recommendations of modifications to the resume.

b) How does this prove that Gustave Lindor, Jr. was actually at the machine, that the file was initially create on the machine or that Gustave Lindor, Jr. had ever touched this machine? (i.e. couldn't the file at least have been dictated)

c) Does this not mean that the case should be dropped against the defendant due to the lack of evidence found on machines that she owns?

d) How can you prove who was using the computer at the time of the alleged infringement?

2) From the 26-page curriculum vitae (I glanced over this one)

a) Are there any EE/ECE/CS courses that you did not include in this? Why?

b) Have you ever received a failing grade in any EE/ECE/CS course?

c) When was the last time you enrolled in aa EE/ECE/CS course? Course Name? Type? Grade?

d) Have any disciplinary actions ever been taken against you or have you ever been rebuked/censured (Note: no typo, I do not mean censored), by any University or Professional Organization such as the IEEE.

e) Have you ever cheated/plagarized on homework or a test?

3) What possible evidence could there be on Gustave Lindor, Jr.'s computers that would implicate the defendant in any of the charges against her? How would any evidence on Gustave Lindor, Jr.'s computers implicate the defendant and not Gustave Lindor, Jr.? How can the defendant be held responsible for any relevant activities by Gustave Lindor, Jr.?

4) What proof do you have that Gustave Lindor, Jr.'s computer was ever at the residence of the Plaintiff? Ever possessed on of the IP's in question? Has ever had KAZAA or any other file sharing program on it? etc... (I'd suggest having some fun and running with this one out of malicious mischief if nothing else)

5) How is this not harassment of the defendant and/or her family?

6) How can you positively completely 100% prove that any single computer ever possessed a specific IP address in the past?

How important is it?

[anubi]

Given the importance the computational infrastructure is to our society, as it now maintains hospital records, medical equipment, flight safety, industrial operations, personal histories, damn near our entire economic data, how much is it worth that we thoroughly understand this technology?

Is it really worth it, for the priviledge of a few for the use of exacting payment for content, to legislatively mandate ignorance of this technology?

Today, viruses are rampaging our networks. Supposedly "top secure" ways of selling somebody something without giving it to them, are cracked and made public within days of release. Our top business systems are violated within days of release. Aren't we chasing after wind? Ignorance only makes us vulnerable to others with wisdom. People who are not compelled to live under our law reign free, unfettered by our laws. Only the law abiding citizenry will adopt ignorance.

While our wisest minds in Washington ponder law to restrict knowledge of our computational infrastructure, other equally brilliant minds in countries eager to collapse us by rendering our technologies useless can use our ignorance to their advantage.

A typical instance of this in history is how Alexander the Great rendered a far more powerful adversary helpless by causing his adversaries infrastructure ( his elephants ) to malfunction ( by blinding and stampeding them ). His adversary now had his hands full with his problem elephants while Alexander took control.

When we do not understand our own technology, our business leaders are going to be completely powerless to control anything if their communications infrastructure has just about the same effectiveness as giving a child a toy steering wheel in a car.

I hate to see so much of our technologies being so centered aroung hanging itself up if something isn't just right. All this secret-keeping. Its enough to give any computer engineer the CIA Heebie-Jeebies ( as related in that movie release "The Good Shepherd", when nobody could trust nobody. I know we love to talk "trust", but frankly, EULA's instill about as much trust in me about as much as a pre-nuptial agreement instills a sense of love. If you want TRUST, then be RESPONSIBLE for it, not deny it in a EULA.

I would hate to have future civilizations digging up the remains of our civilzation, only to discover our civilization was done in by ignorance of how their own technology worked ( as in the theme of many Star Trek episodes ) and deduce we we became ignorant of our own support technology for a song. Literally.

Re:Oh, man, this is sad.

[RingDev]

The differences is most readers of /. are not lawyers, so asking questions about law on /. is kind of pointless.

Inversely, most readers of /. are technically adept, so asking questions about technical issues (like is this 'technical assessment' valid?) can be rewarding. Even if you are a lawyer.

-Rick

Then he should have asked his question better

[Slashdot Parent]

What he should have said was:

The plaintiff wants to compel $person to surrender his computer for forensic analysis. For the judge to order this, their evidence must meet $standard.

Their evidence is $evidence. How can I show, from a technical perspective, that $evidence does not satisfy $standard?

Re:

[TheRaven64]

Typical that a lawyer would be the first person to work out how to bill for their time while reading Slashdot...

Re:I'd ask

[HappySqurriel]

Why does the RIAA suck so much?

That is an easy question to answer ...

The RIAA sucks because it is an association that is designed to protect the interests of large music corporations by ensuring that their broken buisness model continues to exist.

The reality of the situation is that current technology is scary to RIAA members because a band/artist doesn't need a label quite like they used to (and as time goes on and the technology advances they don't need a label at all). Consider:

• A band can now record an album on their own time in an inexpensive home studio; the quality of equipment that you can get for $10,000 today (with effort) can rival the production of a Million dollar studio the labels have
• You can self promote your band through the internet; as time goes on sites like Youtube may be able to provide inexpensive access for a band to find an audience, and an audience to find a band
• You can sell your album online for a fraction of what the label will charge and still make more money off of the sale; if you were to charge $0.25 per song and $2.00 for the full album you would make (a lot) more money than the label would give you for the same music

Being that merchandise (like T-Shirts/posters) can easily be produced and ordered online (to be sold on your web-store and at your show), and you can self promote your shows, a hard-working band can make a decent living without needing a label; they may never get to the same level of fame that a label will get you, but you also don't need the same size of an audience to make playing music your life.

Re:

[Barsema]

I bet they write better English than you do Dutch (their native language)

Re:

[mr_matticus]

#5 is easy. If you don't pay for unlimited rights, you don't have them when you're licensing media. You know the disclaimers about "licensed for home use" and so on? You're buying limited access to someone else's property. It's a license in perpetuity, as opposed to a "rental" (being temporary), but you don't have any more rights than the ones you buy.

The problem here is the philosophy that you start with every right except those denied to you. That's good and perfectly true for laws, but when you'r

Re:

[Scott Lockwood]

So, again, if I have paid for the right to listen to the music, what right do they have to restrict my right to them listen to that music?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[NewYorkCountryLawyer]

Unfortunately you have your facts wrong. The RIAA doesn't have a shred of evidence of any uploading. to anybody.

Re:

[jank1887]

general law of the land does not typically need to be spelled out in each and every agreement. Current law of the land stipulates rather stringent limitations on the right to produce copies of some one else's copyrighted works, except where exceptions to that limit have been granted. Sharing involves producing copies (even partial ones), thus potentially violating the copyright if the copyright owner hasn't granted you licence to copy in that fashion, or unless law of the land stipulates that the form of

Warning: Licensing Media Troll

[mpapet]

If you don't pay for unlimited rights, you don't have them when you're licensing media.

Extra points to everyone who saw the bus-sized hole in this statement.

ANY media I purchase is subject to the doctrine of first sale. That means, when I buy it it's mine to do with what I want within limits we all know and follow.

The media conglomerates want to pretend the doctrine of first sale doesn't exist by pretending digital media is somehow radically different than an LP/VHS or even the CD.

On its face that is ridic

Re:

[mr_matticus]

DFS *only* applies to your copy; it does not apply to the copyright. DFS allows you to sell, destroy, modify, format shift (since 1998 only in compliance with the DMCA), disassemble, or otherwise manipulate your copy. It does not allow you to redistribute, assume control of, repackage, embark in multiple simultaneous uses of, or (since 1984) rent/lease/loan the copyrighted and/or trademarked works embodied therein.

Re:

[mr_matticus]

I don't have an 'employer,' and nothing is being rewritten. Please see 17 USC 109 and all applicable case law. There are numerous protections in place for derivative works and an extensive and rich history of case law to support and define those works. Regardless of anything else, you, like most other Slashdotters, have lost sight of what a license truly is: it is a limited transfer of rights from an originator (author, owner) to a customer (licensee, purchaser). Again, like I posted earlier, purchase

Re:Seriously??

[Dunbal]

A lawyer posting an "Ask Slashdot" question?

      Is he going to bill us?

Re:

[gnarlin]

A lawyer posting an "Ask Slashdot" question?
Is he going to bill us?

No, we are going to bill him!

Re:

[NewYorkCountryLawyer]

Priceless.

Re:

[phillymjs]

On a big (but apparently not yet big enough to suit them) pile of money.

~Philly

Re:

[Overzeetop]

Depends on the material. To be a witness in engineering matters, you need to be a professional engineer, which takes a minimum of about 8 years if you pass the exams the first time. Oh, sure you can try to pass an an expert witness without a PE, but you may get shot down, as happened recently somewhere in the midwest. Naturally, this varies from state to state. Good money in it, though. A lawyer I work for gave me a hard time about only charging $150/hr last time we worked together.