What Questions Would You Ask An RIAA 'Expert'?

NewYorkCountryLawyer asks: "In UMG v. Lindor, the RIAA has submitted an 'expert' report (pdf) and 26-page curriculum vitae (pdf), prepared by Dr. Doug Jacobson of Iowa State University who is the RIAA's expert witness in all of its cases against consumers, relating to alleged copyright infringement by means of a shared files folder on Kazaa, and supposed analysis of the hard drive of a computer in Ms. Lindor's apartment. The RIAA's 'experts' have been shut down in the Netherlands and Canada, having been shown by Prof. Sips and Dr. Pouwelse of Delft University's Parallel and Distributed Systems research group (pdf) to have failed to do their homework, but are still operating in the USA. The materials were submitted in connection with a motion to compel Ms. Lindor's son, who lives 4 miles away from her, to turn over his computer and music listening devices to the RIAA. Both Ms. Lindor's attorney (pdf) and Ms. Lindor's son's attorney (pdf) have objected to the introduction of these materials, but Dr. Jacobson's document production and deposition are scheduled for January and February, and we would love to get the tech community's ideas for questions to ask, and in general your reactions, thoughts, opinions, information, and any other input you can share with us. (In case you haven't guessed, we are the attorneys for Ms. Lindor.)"

I'd ask:

[Vengeance (46019)]

How old are you?

You see, I'm doing a research paper on how long a human can live without a brain.

Re:I'd ask:

[Vengeance (46019)]

Followed by "Would you like to buy some?"

Jusst one Question

[Joe Snipe (224958)]

Why?

Re:Jusst one Question

[nacturation (646836)]

Why?

Actually, why this story has been posted is quite ingenious. All of the +5 responses supplied become NewYorkCountyLawyer's cross examination of the RIAA experts. It's like having access to thousands of researchers with a passion for the topic. Quite a brilliant idea, really.

Next up: Hans Reiser's lawyer wonders what questions you'd ask a homicide 'expert'.
 

Re:Dear Slashot

[LuYu (519260)]

It seems very odd for lawyers to be asking Slashdot how to defend their client. Right? If your lawyer can't do better than that, you should get a better lawyer.

Wrong. Lawyers understand the law, not technology. You could probably build a ladder to the moon with all the text that is generated on Slashdot alone about stupid lawyers and politicians getting technology wrong. This expert witness is a Geek (yes, with a capital G), or at least he thinks he is. This could not be more completely Slashdot's turf.

Lawyers do not often consult public opinon on any topic. They should be thanked for this.

Also, by the way, the lawyers here are not doing their job, they are doing your job. They are defending your freedom to share information -- which is the modern form of speech. It is every individual's duty to defend freedom. Do not criticize them for giving you a helping hand.

Conflict of interest

[MECC (8478)]

What steps would you take to prove that a screenshot is 'authentic'? If I doctored a screenshot to include a list of songs, how would you discover the doctoring? How would establish that the song names contained the correct songs and not something else? Are all screenshots unalterable?

Describe the process of 'proving' that someone's home computer used a given IP address at a given time. Anywhere.

Very good questions

[NetDanzr (619387)]

Those are very good questions. I'd add the following:

* How do you prove that the contents of the "shared" folder were actually shared with third parties? (I have a "shared" folder with music on my PC, to stream to my other PCs and my stereo)
* How do you prove the "shared" folder was not created automatically by the P2P software?
* How do you prove that the user was computer savvy enough to prevent the software from creating the folder?

Re:Very good questions

[Daemonstar (84116)]

I'd also add:

• Can you determine who was operating the computer at the time of the alleged offense? (I realize that this may be nullified by something like "criminal responsibility"; does this matter in a civil case?)
• How do you know that the defendants did not already own the material they were downloading? Or is it merely "distribution" (uploading) that is at the center of the offense?
• How is sharing a file considered "distribution"? Why does it apply here and not in other circumstances (cite thoughtful and meaningful scenarios here)?

Re:Very good questions

[whoever57 (658626)]

* How do you prove that the contents of the "shared" folder were actually shared with third parties? (I have a "shared" folder with music on my PC, to stream to my other PCs and my stereo)

This raises an interesting question: how do you prove that the listed files could actually be shared and that technical means (such as a firewall) were not preventing sharing, while still allowing the listing of files?

Re:Conflict of interest

[Iphtashu Fitz (263795)]

If I doctored a screenshot to include a list of songs, how would you discover the doctoring?

Even more importantly, what if the actual files were doctored. If I were to create a file named "Around the World - Red Hot Chili Peppers.mp3" and put it on the Kazza network how would you determine if it's actually that song? Are you relying on just combinations of filenames and checksums/hashes? Hashes like those used by Kazza can be replicated with a bit of effort. Maybe I set up a phony Kazza server to flood the network with bogus copies of files. They'd need to download the actual files and listen to them in order to verify their authenticity.

Re:Conflict of interest

[swillden (191260)]

Realistically, if you're sharing a file with that name, it's improbable that it's not what the file says it is.

I see you've never actually used Kazaa or similar P2P networks.

Re:Excellent Questions

[mpapet (761907)]

Maybe the legal staff needs a little explanation as to why these questions are *so* important and hopefully clarifying things.

1. Screenshot http://en.wikipedia.org/wiki/Screenshot [wikipedia.org]
There is *no* way to prove where a screenshot came from. There is *no* audit trail, no chain of custody, no way to verify where the screenshot came from. NOTHING. Practically speaking it is *very* simple to completly fabricate screenshots. I'm not saying prosecution would do that, but very substantial doubt is easily established by asking the parent's questions.

2. Chain of custody on the PCs in question
Has the chain of custody been established and verified? Do you know the PC hasn't been tampered with by prosecution? Obviously you can't say that outright, but what they are claiming is almost impossible to verify.

3. What were prosecution's discovery techniques?
Substantial doubt can be established by punching holes in their discovery methods. Screenshots is a good example. Easily faked. Or maybe it's just a case of "the wrong man" because it's not clear who did the stealing which doesn't question the prosecution's standing as good lawyers so much. There will be many holes you can drive a bus through and slashdot is just the place to clarify/verify. I for one will be happy to volunteer if it sets some precedent. mpapetATyahoo.com.

4. Chain of custody on the files in question
It's possible that the files were transferred to them lawfully. Can prosecution establish a chain of custody on the files in question? Files on a computer is impossible to establish as fact the time/date the file was written. The opposite example is how easy it is to establish the time/date a shoplifter was in a store. A store employee would testify, "Because I saw them there" or "I caught them." There's no such analogy in file sharing.

5. Doctrine of First Sale
Check out the doctrine of first sale. That's a long-established precendence that may help you.

I'm shooting in the dark, but I want to help. I have a good server and some bandwidth, if you need a way to collect expert advice from the techies in maybe a wiki or slashdot style site let me know. It'll take a couple of days to set up. I'll do it for peanuts just to establish some precedent.

Re:Conflict of interest

[DCFC (933633)]

I agree it is a good question, but I'd spin it slightly. I'd ask him *how* to doctor a screen, and how trivial it would be to fiddle records that showed the defendant had a given IP address.
It would take very little time for a competent person to do this, indeed to ridicule the RIAA position,I could take a couple of days with an average 10 year old would leave them able to do this, a smart 8 year old could do it in a morning.
Ask him if he's conducted a review of ISP logging s/w, as in read the source code, not as in sent an email asking if it was "OK". Would bet good money he hasn't. Actually the ISP's aren't likely to sayt their s/w is 100%. a) Because it's a lie which no one will believe
b) they don't know if it works, and don't care enough to check.
Ask him why the records sent by ISPs say in big letters words to the effect "we've no bloody idea if this record is accurate, hell we can't even get change of billing address right, or get the accounts to add up, you think we trust these records ? Dream on. We sent them because we don't want to go to jail, not because they are correct."
One question I'd ask him as an educator is
If you had a student that could not change this data to support the RIAA case, would he award them a good grade ?
Maybe follow up by asking him how many people have such training (my guess is that there are more people capable of this in the USA than firing a gun competently. Would you convict on the grounds that the prosecutor said "almost no one can shoot a target as small as a person at 25 metres" I would follow this pattern for any of the evidence produced by the RIAA
Get him to explain as their expert how it could be faked. When he claims something cannot, come to Slashdot, and I am very confident that not only can we find an "expert" who can fix it, but possibly more usefully a 13 year old with no formal CompSci education to demo how trivial it is.
There is no computer record used by ISPs or almost anyone else that cannot be faked if you have the password.
My background includes records stored by banks and a major government, and they use tapes and disks of the same brand and configuration as everyone else. Tedious, but not hard.
Even the access logs that record such changes are themselves very fragile, and are simply entries in a different easily malleable list, typically on the same system, and it's far from unknown for the access level required for the audit list to be reachable with the standard system admin password. This is the default for nearly all database systems. If his track record is accurate, then he will have the options of either admitting the evidence could be fake, or lying. Next question is to ask him the typical failure rate of IT systems. Ask him the difference between mission critical computing like you see on aircraft and medical systems and the famously buggy and bizarre scareware the utilities blunder with. Ask him if he'd convict a friend of a serious crime based upon ISP records.
No one with any integrity would do this. Then ask him what level of crime/penalty he'd accept. Good odds he'll pick music piracy. In particular it is important that you get him to acknowledge that the records say that this IP address matched an account, not a computer. This is very much not the same as saying "this computer did this". If you're lucky and this twerp does'nt read slashdot, he will say the MAC address unqiuely identifies a computer. One typically assumes this in many applications, but it is a standard documented function of many devices such as routers to take whatever MAC address you tell them.

Re:Conflict of interest

[squiggleslash (241428)]

A very good point. I've been trying to figure out why people are responding as if everything the content maker's team comes out with has to be absolutely air-tight to the point nobody could even consider questioning it.

The reality is that unless the defendent can come up with a good reason why the screenshot would have been forged, it's likely to be taken by the court as evidence, and go a long way towards a "balance of probabilities" in favour of the plaintiff. So these kinds of questions aren't really that useful. Yes, technically, someone could have forged the screen shot, but there's no earthly reason why the RIAA and the content makers would actually want to frame an innocent computer user at the beginning of the case.

You know, most of this is pretty open and shut. People are offering massive libraries of music to download that they're not authorized to do. The technicalities are not computer based, they are not the kinds of questions the average Slashdotter is qualified to answer, they're legal. Does having a copy of a song on your hard drive configured to be automatically transmitted to anyone who wants it constitute fair use, simply because having a copy of the same song on your hard drive for the purpose of listening to it probably is fair use?

It's that kind of thing. Not "OMG! This IP address and time and song name was represented by pixels on a computer screen! You can easily forge those! Do they know this? Someone should tell them!"

Re:Conflict of interest

[NewYorkCountryLawyer (912032)]

My impression is that they
-make money on the settlements
-lose money on the default judgments and
-lose a lot of money on every contested case.

Re:Conflict of interest

[cpt kangarooski (3773)]

Actually, that's only the standard in criminal cases. In civil cases, the standard is the far, far lower 'balance of probabilities' standard. Simply put, it's 'whatever probably happened actually did happen' even if that probability is a mere 51%. Even if there's 49% of doubt, that's still not good enough in such a case for the defendant to win.

So honestly, if someone was accused of file sharing on the basis of them being assigned an IP at a particular time from which files were downloaded which contain copyrighted material, even if we only have RIAA's word for it, and the defendant had an open WAP, and a computer forensicist finds corresponding files on the defendant's hard drive, while we all may accept that there is a real possibility that the defendant didn't do it, does anyone think that he probably didn't do it? Because if he probably did it, despite even a very strong (but necessarily lesser) chance that he didn't, then you have to find him liable.

I find it difficult to believe that /. users would think that the defendant probably didn't do it, barring something else of particular significance.

Have you _ever_ made a mix tape?

[waterford0069 (580760)]

To take one for Steven Jay Page [wikipedia.org] of the Bare Naked Ladies

Have you _ever_ (and I mean EVER) made a "mix" tape? Did you give it to your SO/love interest?

Steven's argument being that effectively EVERY person in the music industry has done this at one time or another, and to be punishing their customers from doing effectively the same thing is hypocritical.

Start easy . . .

[Dr Caleb (121505)]

Like - did you listen to the alleged data to see if it was actually a copyrighted work? Does the copyright on those works all belong to the planitiffs?

Can they verify what IP address the alleded copyrighted work was uploaded from? (Eg: did it come from a single source only?) Go back a little further; can they produce anything that verifies Ms. Lindor's computer had the IP address they uploaded from at the time in question?

Freedom

[crabpeople (720852)]

Why do you hate freedom?

A bit about Mr. Jacobson

[linefeed0 (550967)]

I always hate it when academics use their position to further crap like this rather than fight the bullshit. My alma mater had plenty of these jerks too, particularly the people running the career programs in "e-commerce" and computer security. One telltale sign is that they've testified before Congress [senate.gov]. Apparently Mr. Jacobson doesn't like p2p because there's porn on it. The money shot is this bit:

There are several issues that make pornography on peer-to-peer networks more problematic than web or FTP-hosted pornography. You don't have to look for pornography on peer-to-peer networks; it will find you.

On SOVIET LIMEWIRE, PORN FINDS YOU!

Come on!

[zepo1a (958353)]

Come /.! NewYorkCountryLawyer is trying to do something good here.

Can we get serious for a minute? Please?

Re:

[Vengeance (46019)]

More importantly, can we not entertain each other in the process?

After all, that IS at least half of the function of this web site.

questions

[superwiz (655733)]

1. What measures will be taken to safeguard the integrity of the data and the data storage devices. You don't want your property destroyed in the process of investigation.

2. Ask for extensive access to all the equipment that will be used during the investigation to verify that the said equipment may not accidently harm your devices and data.

3. Ask for a comprehensive review of all the privacy-safeguarding mechanisms that the plaintiffs have in place for the retrieved data. Further, ask for an audit of the feasibility of the privacy safeguards as well as their effectiveness in actually protecting the privacy of the data.

Re:

[cain (14472)]

These just seem like stalling tactics. Eventually the RIAA would comply with the requests and the trial would continue.

Re:questions

[crmanriq (63162)]

1. Please provide a detailed outline of what tests you wish to perform, and the tools that you will use to perform them. Are these industry recognized tools, or are they proprietary? If they are not industry recognized, please provide source code so that their results may be analyzed in context by recognized experts.
2. Please state your reasons why these tests cannot be performed by an independent laboratory by skilled professionals.
3. Please state what industry standards these tests meet that will confirm their validity. (Do they meet an IEEE or ASTM testing standard?) If no industry standard exists, then provide documented research that lays out why these tests meet a standard of proof that can and should be allowed in a court of law.
4. What specialized equipment will be used in testing? Has this equipment been certified for this use, or is this a new use of the equipment? If it is a new use, then please provide supporting documentation to certify that any results achieved will be meaningful.
5. What measures will be taken to preserve the integrity of the data so that your results may be independently verified?
6. What measures will be taken to keep the equipment free from harm?
7. What measures will be taken to preserve the chain of evidence?
8. What measures will be taken to ensure that no data is added to, removed from or changed on the by your personnel or your agents? How can this be independently verified?
9. Which of your described tests include subjective criteria, and which are purely objective? How is the subjective criteria to be evaluated, and how could an independent testing body repeat this portion of testing?
10. How long will the testing take, and will you provide a functionally equal replacement during the testing duration so as not to deprive the owners of the use of their property?

Re:questions

[DamnStupidElf (649844)]

4. Ask them if they have the necessary licenses from Microsoft and any other companies to make copies of the data on the hard disk, including any legally purchased music they might encounter. Almost every forensic software package creates a complete duplicate of the hard disk as its first step to preserve the chain of evidence. Additionally, ask them if they will violate copyright law if they duplicate the hard disk and there are illegally copied media files on the disk that they don't own the copyright to. In criminal investigations, law enforcement is generally exempt from copyright law for the purposes of evidence gathering. I don't think individuals and companies have the same leeway during discovery, so basically the entire premise they are basing their case on will prevent them from performing an accurate forensic examination. Even if they don't make a duplicate copy of the drive, they will still be unlicensed to view certain files simply because the defendant doesn't have the right to relicense them. I imagine this has come up in courts before where companies try to hide things like trade secrets and copyrighted documents from discovery, but in those cases they are generally the sole owner of those documents and can be compelled to release them. A person owns almost none of the rights to software and other media on their own computer.

I think it's only fair that the plaintiffs should have to play by their own rules, e.g. that any use or copies of copyrighted material without explicit permission is absolutely forbidden.

Unlawful Searches

[Timesprout (579035)]

Ask them why they retain the services of a company found to have conducted unlawful electronic searches of an individuals computer, to provide their evidence of infringement.

Attack his expertise

[Anonymous Coward]

I saw at least one false statement in one of the filings. It's not a lie so much as a total lack of understanding of how IP networks really work and how far they can be pushed. Combine that with the fact he's been discredited in Canada and it should make the court ask questions.

In particular the statement that he was able to determine there was no wireless router in use at the time cannot be substantiated. It is possible to have a wireless router that NATs you right back to your public IP. In fact, I've done it (with out the wireless part) at least twice for different reasons.

If I were you, I would set up a demo that shows this and rub his nose in it.

ask groklaw

[SABME (524360)]

Have you considered asking this question on http://groklaw.net/ [groklaw.net]?

You might get a better response there (i.e., less noise than /.), especially since Groklaw is about legal issues surrounding tech.

Re:ask groklaw

[werewolf1031 (869837)]

That would be great if he wanted legal advice and information, but he doesn't. He wants computer-related technical advice and info, which he likely won't find on a legal website. Hence, he posted to a 'nerd' website to find those technical answers. Funny, I thought he made that pretty clear?

For example, he might ask:

• Can these "experts" guarantee the authenticity of screenshots showing IP addresses, ensuring they haven't been altered? (Most likely answer: No Frickin' Way.)
• What methods were used to determine that defendant was using the IP addresses in question at the time of the infringement? Can these methods be duplicated independently by outside IT personnel? What kind of authenticity measures were applied to the networking logs indicating that the defendant was indeed using those IP addresses at the time? Are they plain text files? How can anyone be sure they haven't been altered?
• Did they verify the contents of the allegedly infringing files to ensure that they do, indeed, contain material copyrighted by the plaintiff? And yes, checksums can be faked, with some effort, so they would have to actually listen to the files. Are these files still intact on the defendant's hard drive, and if so, how were they verified to have not been placed there after seizure?

I could go on all day, but you get the point. The lawyer doesn't want legal advice, he wants technical advice. Pay attention, dude.

Re:ask groklaw

[tinkerghost (944862)]

Additionally

• What measures were taken to verify that the IP address was neither spoofed nor usurped during the period in question?

Having worked for a cable ISP, it's not uncommon for 2 cable modems on the same UBR to have the same IP address - usually a result of one of the modems failing to honor the lease time from the DHCP grant - though potentially it could be deliberately done. Add to that the joy of promiscious mode settings and you can potentially be broadcasting from your neighbors IP address with his spoofed MAC address and still get your responses back.

• Were any of the routers between the system which captured the screenshot and the defendants modem compromised at the time the screenshot was taken?

I don't recall the exact number, but IIRC one of the internal memo's indicated about 5-10% of my former companies UBR's had been compromised at some point in the last year.

• What investigations have you taken into determining if the defendants computer was not compromised at the time of the screenshot.
• If the US Government is repeatedly the victim of criminal computer access, what is the level of due dilligence required of the average citizen to prevent a compromised system from being used to illicitly trade files?

If I understand it correctly, it is their responsibility to prove that the system was not compromised at the time of the screenshot. Given the average 1st security update to a virgin XP box is 20-30 minutes and the average time to ownership is 15 minutes, I think there is a reasonable case to be made that the box may have been compromised at some point - proving it wasn't at the specified time may be difficult - especially if there are a few virus fragments laying around indicating it being 'p0wn3d' in the past.

What bugs does MediaSentry have?

[Chris Snook (872473)]

My father is an attorney, and he once told me that you never ask a question you don't already know the answer to, unless the answer cannot possibly hurt you. There are a few possible answers here:

1) I don't know.

If he doesn't know, he's not an expert on MediaSentry.

2) None.

At this point you enter into evidence a copy of The Mythical Man-Month or some similar tome, and quote figures on bugs per lines of code. You have now discredited him.

3) Lots, for example...

This will go over *great* with a jury.

This guy claims that the hard drive provided must be the wrong hard drive because it doesn't show any evidence of file sharing whatsoever, and MediaSentry claims there was file sharing. Maybe it's a bug in MediaSentry.

Whatever.

[arkanes (521690)]

Did none of you read the PDF? The expert report says that the hard drive provided to him was *not* the one used to share the files. He doesn't discuss his methodology in any detail, but it's reasonable enough. He states that, based on his analysis of the hard drive that the machine was directly connected to the internet (not via a router), which is easy enough to tell from the IP address assigned, and that it does not and did not have Kazaa (apparently the p2p program used) on it. From the other links, it sounds like they're claiming that his isn't the hard drive they wanted, from the machine they wanted, and that they're trying to get access to the sons hard drive based on that. Assuming that the expert isn't totally incompetent and/or lying, he's right. If this hard drive is from the machine that had the IP addresses in the subpoena from Verizon (he says he has access to the Verizon information, but not whether or not the IPs match up), then you have a pretty airtight dismissal - no evidence of sharing, lets go home. If they're trying to claim that the son probably brought his machine over, you're going to have to rely on legal arguments rather than technical ones. It's certainly possible that he did, but I don't know enough about the law to say whether that matters in a case like this. The case is against her, not her son, so can't you argue for dismissal on that alone? If they're claiming that you gave them some totally unrelated drive, you're going to need to document where that drive came from. I assume you have all your ducks in a row with regards to the chain of documents and evidence for that drive. If you don't, then someone screwed up along the way and someone is going to pay for it - probably your client and her family. That's not something interrogation of this witness will help you with - his analysis of the drive is probably correct. What he's saying is that he didn't find the evidence the RIAA wants on the drive, so prove that's the drive they asked for and go home.

Real questions

[realmolo (574068)]

I read the PDF report from the RIAA's expert.

Seems that he's saying that the hard drive he examined contained NO TRACE of Kazaa ever being installed, and no trace of any "shared files". He goes on to say that the hard drive appeared to be hardly used, since there were very few user-created files. The implication is that the hard drive he examined is not the hard drive that was used to share music, or that it had been completely erased at some point.

I would ask him about the possibility that the hard drive was reformatted in the process of re-installing Windows, via an normal Windows CD or especially a "restore CD". And I would also ask him if it is possible that Ms. Lindor re-installed Windows because she was having other problems with the computer, and a re-install was the simplest way to fix those problems. I would also ask him if formatting the drive and re-installing Windows is a common way to repair computers that have become unusable due to viruses and spyware. I would also ask him how common spyware and viruses are, and how a user such as Ms. Lindor would be able to fix a machine infected with spyware and/or viruses without resorting to formatting her hard drive and re-installing Windows.

Basically, reformatting the drive is a perfectly legitimate thing to do when Windows, or any operating system, becomes "unusable" due to corruption of system files by malicious software. Just because her drive is "empty" doesn't mean she is trying to hide evidence. She may have done it simply to get her computer working again.

Could the defendands computer have been hacked?

[Iphtashu Fitz (263795)]

Here's one for you:

Is it possible that the defendands computer was compromised in some way by a third party without their knowledge, and that the third party was the one who put the music on the computer and set it up to be shared?

I was at my brothers house over the xmas weekend and he was complaining about odd behavior on his Windows PC. The mouse simply stopped functioning properly in a number of applications, etc. He's on a DSL line but behind a router/firewall, with a software-based firewall and virus scanner installed. I decided to do a thorough check myself, however, and discovered that there was a directory containing over 2 gigabytes of porn that he knew nothing about. It was quite obvious that some sort of malicious software had made it onto his PCand turned it into some sort of porn file server, probably for some P2P network. Now my brother is no Windows expert but he's fairly savvy technically (college grad with a computer science major, MBA from a well respected business school). If he couldn't detect this going on with his own computer then how could a computer-illiterite person be expected to?

The obvious one

[grazzy (56382)]

How much of the money RIAA claims goes back to artists who created the music?

IANAL.

[mmell (832646)]

But TLP'er is, so here goes...

On initial analysis, the gentleman does appear to be qualified to render "expert testimony". I assume that his bona fides are in order. The fact that jurisdictions outside the US don't acknowledge his expertise is irrelevant - this gentleman's qualifications appear (unfortunately) to be impeccable.

Many of my associates here on /. to the contrary, the plaintiff will probably have little to no difficulty establishing whether or not the suspect computer in this case was using the IP address from which the plaintiff alleges the copyright infringement took place. Likewise, based on the ISP records, the plaintiff will probably have little difficulty proving that their record of the shared content as identified from the plaintiff's computer is an accurate and correct representation of that IP address' activity. Attacking the accuracy of their data (showing a computer at the defendant's IP address was sharing files via P2P technology) will probably likewise prove unproductive; and as I'm sure you're aware, making allegations of misconduct without evidence on your part to support your allegations could be very bad for your professional situation. To my /. fellows, remember that this is a civil case - the standard is not "proof beyond a reasonable doubt" but rather "a preponderance of evidence". With that end in view, rather than attacking the assertion that illegal file sharing took place from that IP address you should try to establish whether or not Ms. Lindor's computer contains evidence of this illicit activity.

While Ms. Lindor has been named as the defendant, I would suspect that the plaintiff's case hinges not on alleging that Ms. Lindor actually performed the acts in question, but rather that by providing internet connectivity and/or computer equipment which was used to ostensibly perform this act, Ms. Lindor is liable for damages caused by this act. However, the plaintiff's entire case rests on proving that the physical connection used to perform this act terminates with Ms. Lindor's residence and computing equipment (areas under her control). You should have little difficulty finding your own expert in the IT field, one who can demonstrate ideas such as MAC and IP address spoofing to gain illicit access to a network. Your expert should also be able to establish that (barring an extremely involved investigation which did not take place at the time) these items, while intended to be unique to a single computer connected at a single point to the network, are in fact easily forged. It should then prove trivial to explain why these items can not be used to positively and uniquely identify Ms. Lindor's computer and network connection.

Finally, you might consider analyzing the state of Ms. Lindor's equipment. If she was using any version of wireless networking, that would imply an even greater likelihood that the acts in question were performed with neither the knowledge or consent of Ms. Lindor. Insecurity in wireless networks has been a problem practically since their inception; and while Ms. Lindor may still have some liability (much like the registered owner of an automobile may be liable for damages caused by a thief who stole that automobile), this may be a factor in mitigation or extenuation of the alleged infringement.

Incidentally, you should ensure that UMG is fully aware of what the news will make of all this after a verdict is rendered. "Single mother loses home, life savings to music industry" would make a great headline, and I'm sure you could find more than a few sympathetic journalists to write an appropriately scathing article to go with it. As you're well aware, the courts aren't the only courts in this country; the court of public opinion can be a monstrous thing to those unwary enough to stand in its path!

Here's an obvious one...

[supremebob (574732)]

"Why do you think that US copyright laws apply to Russian businesses?"

I'm referring to the RIAA 1.65 Trillion dollar lawsuit against AllofMP3, of course.

Discovery questions

[gregor-e (136142)]

Since this is the discovery phase, I'd ask plaintiff to produce documentation substantiating the validity of the copyright for each claimed infringement, along with a complaint from each rights-holder or designated representative for each instance of alleged infringement.

I'd ask for specific evidence that establishes the defendant as the perpetrator of the alleged infringements, especially evidence that excludes the possibility of defendant's computer having been used, perhaps unknowingly, by an outside party - friends, hackers, etc. The presence of an 802.11 connection could make this especially tricky. It shouldn't be too hard to come up with numerous examples of people's PCs being taken over for illegal purposes, thus decreasing the strength of the 'preponderance' that shows defendant committed alleged infringements.

I'd ask for information supporting plaintiff's allegations of damage. Given the high likelihood that all of the infringed properties are available anytime, from any internet connection, by any subscriber willing to pay $6/month to Yahoo! Music Unlimited, any claims for damages beyond $6 per month total (or, more precisely, whatever fraction of the $6 the rights-holders would actually receive from Yahoo), are obviously egregious.

Discredit him thoroughly

[Xenographic (557057)]

Obviously, we know several things:

* Screenshots are unreliable. They're easy to fake. I suggest you have a few fakes on hand.
* Thus, the chain of evidence *IS* the evidence and the only evidence. Make sure you know EVERY detail about it.
* You can't really prove which person was at the computer without something else to corroborate it, only the owner of the computer.

These are the biggest apparent gaps. You need to know everything about them and to dump as much as you can into the public record for us. You also need to document all the "I don't know" answers, because those will be the ones where you might hurt them the most.

Therefore, you should question him in detail on at least the following points:

* How are the screenshots taken. Who has access to them? What's the chain of evidence? How and where are all of these things stored? Are they stored in a secure manner? How would you know if they were altered?
- Make doctored screenshots. Have him "authenticate" the fakes. Bonus points if you do this in front of the jury. Double bonus if the infringing IP is that of riaa.com, sony.com or similar. WARNING: This is a public site. He may VERY well be reading this.

* Describe, in detail, the exact process by which you find those allegedly infringing upon your copyrights. Be methodical. You want to know the exact version of the OS they're running (not just "win XP" or "various"). You want to know EVERY program they use, even if it's MS Paint. You want them to produce the source code of any custom programs for analysis by outside experts. You want to know about any known flaws. You want to see any and all release or design notes, ESPECIALLY any bugs, source/versioning control, changelogs, etc. You want to know which exact version of their custom program found the infringement for this case. That does NOT let them off the hook on letting you examine prior versions or newer versions--old bugs DO stick around even when they've been "fixed" and you need to see both newer and older versions. I.E. if the bug has been fixed twice, you know it was there in the interim. Yes, they may put out protective orders and whatnot, but the more information about this you can get into the public record, the more they'll squirm and the more we'll reveal the sloppiness they're hiding. And I know they have things to hide, unless they're so clueless as not to know their own weaknesses. You can work both alternatives to your advantage.

* Describe how the ISP identifies the person associated with the IP. You may actually have to subpoena the ISP on this point, I suspect they'll just produce the letter and say that that's sufficient. It's not. We both know that even if the IP belonged to a computer using their internet service, they don't have any idea who's at the screen at any given time, only which account is active. And even this may be unreliable. You NEED to get every last detail about how they log the IPs leased out, how they associate them with their customers, where the data is stored, how long it is stored for, who has access to it, on what computers it's stored, how reliable those computers are (e.g. any records of maintenance, program changes or downtime), etc. You're the lawyer here. You know better than I how important being methodical in discovery is, and every detail may be significant. I suspect they'll have trouble producing everything. Records may not exist for some things, but this is also important--every gap is a gap in their chain of evidence. It takes only one broken link to destroy a chain... Get EVERY detail you can from this into the record and make sure it gets sealed or redacted as little as possible. All these details about software, hardware, and the human processes that work with them are of vital importance to us for technical analysis, just like case law, venue and precedents are to your case. Even the programs they don't use directly, like antivirus or firewall software may be important, not to mention the topology of thei

Stick to the fundamentals...

[geoff lane (93738)]

Stick to the fundamentals...

How does that RIAA know that a given computer was under the sole control of the current owner? A badly secured Windows PC may be under control of somebody a thousand miles away.

"Just how can you sleep at night?"

[The_REAL_DZA (731082)]

Or, more interestingly, "Where do you sleep at night, and are you a sound sleeper?"

here's my strategy

[greenrom (576281)]

First I'd use their own witness to establish a possible defense for the alleged infringement. Then I'd point out how weak the argument for claiming the hard drive he examined is not the correct one. Finally, I'd establish that there is no evidence that the hard drive they're trying to subpoena contains any evidence of infringement and portray the whole thing as a big fishing expedition. Let me walk through these 3 in a little more detail.

1. The witness claims the computer was not connected to a router because of the IP addresses he observed in the registry. The addresses you'd typically use for a home router are non-routable ip addresses like 192.168.*, 172.*, or 10.*. These are special address ranges that don't appear on the public internet. Routers use them because you can guarantee that the IP addresses assigned to computers by the router will not conflict with any other address. While it is possible to configure most routers to use a different routable address, the assumption the defendant makes is probably reasonable. However, if no router is being used as the witness claims, then the attached computer did not have the protection a router's NAT provides from outside attacks. I would grill him on this. The theory I would push is that since the computer was insecure, someone else did the infringement but used the defendant's vulnerable computer to run proxy software to hide their illegal activities. This sort of thing actually happens quite frequently. If you search, you can find lots of software for doing this. Further, proxy software isn't that difficult to write. Anyone with a good programming background could easily write one, and anyone with a good understanding of networking who wanted to do something online without it being traceable back to them would likely use this exact technique. Virus scanners already detect many of these programs, but there are many, many more that the virus scanners don't know about yet. I would get him to admit this. There are many, many ways to hide software like this, so even if you look for it and don't find it, you can never be completely sure it isn't there. That's why many experts will tell you that if a system has been compromised, the only sure way to restore it to a secure state is to wipe it and reinstall everything. There's just too many ways to hide malicious software to be sure you found everything the attacker did.
2. I'd point out the many other conclusions one could draw other than, "this must be the wrong hard drive." One possibility is the proxy explanation I gave in #1 - kazaa wouldn't be on the computer in this case. Another explanation for the lack of files on the computer is that the defendant just didn't use the computer very much. Another explanation would be that the computer recently had the hard drive formatted and the software reinstalled - I believe this is undisputed. An explanation for the lack of kazaa files is that kazaa was never there in the first place. Essentially he's saying, "I was told the person using this hard drive was using P2P software to share files. I don't find any evidence of that on this hard drive, so this must be the wrong hard drive." Another explanation is that it's the right hard drive, but that kazaa was not being used and the defendant didn't even use the computer that much. If you try to say a format and reinstall would wipe away all evidence of kazaa, he might try to claim that the forensic software he used could still detect it as not all the data gets overwritten. This is true, but to counter this, ask "Is it possible the data you were looking for could have been overwritten when the operating system was reinstalled?" His answer will be yes. "Could your forensics software detect that data after it has been overwritten by other files or when the operating system was reinstalled?" His answer will be no.
3. Finally, portray the whole thing as a fishing expedition. Ask him about how widespread the problem of illegally sharing files with kazaa is. Ask him if you randomly just

Here's a few

[Ironsides (739422)]

I'm reading over the PDFs and typing this up as I read them, so it may seem a bi unorganized.

1) You state that because you found the resume of Gustave Lindor, Jr. on the defendants machine that this "document indicates he was living and working in Brooklyn, New York during the dates that the copyrighted music was being shared."
Point 7, Page 5 of the 'expert' report

a) How does this prove that Gustave Lindor, Jr. was using the machine and that he had not, for instance, e-mailed the resume to his mother (the defendant) for advice or recommendations of modifications to the resume.

b) How does this prove that Gustave Lindor, Jr. was actually at the machine, that the file was initially create on the machine or that Gustave Lindor, Jr. had ever touched this machine? (i.e. couldn't the file at least have been dictated)

c) Does this not mean that the case should be dropped against the defendant due to the lack of evidence found on machines that she owns?

d) How can you prove who was using the computer at the time of the alleged infringement?

2) From the 26-page curriculum vitae (I glanced over this one)

a) Are there any EE/ECE/CS courses that you did not include in this? Why?

b) Have you ever received a failing grade in any EE/ECE/CS course?

c) When was the last time you enrolled in aa EE/ECE/CS course? Course Name? Type? Grade?

d) Have any disciplinary actions ever been taken against you or have you ever been rebuked/censured (Note: no typo, I do not mean censored), by any University or Professional Organization such as the IEEE.

e) Have you ever cheated/plagarized on homework or a test?

3) What possible evidence could there be on Gustave Lindor, Jr.'s computers that would implicate the defendant in any of the charges against her? How would any evidence on Gustave Lindor, Jr.'s computers implicate the defendant and not Gustave Lindor, Jr.? How can the defendant be held responsible for any relevant activities by Gustave Lindor, Jr.?

4) What proof do you have that Gustave Lindor, Jr.'s computer was ever at the residence of the Plaintiff? Ever possessed on of the IP's in question? Has ever had KAZAA or any other file sharing program on it? etc... (I'd suggest having some fun and running with this one out of malicious mischief if nothing else)

5) How is this not harassment of the defendant and/or her family?

6) How can you positively completely 100% prove that any single computer ever possessed a specific IP address in the past?

Re:Oh, man, this is sad.

[RingDev (879105)]

The differences is most readers of /. are not lawyers, so asking questions about law on /. is kind of pointless.

Inversely, most readers of /. are technically adept, so asking questions about technical issues (like is this 'technical assessment' valid?) can be rewarding. Even if you are a lawyer.

-Rick

Then he should have asked his question better

[Slashdot Parent (995749)]

What he should have said was:

The plaintiff wants to compel $person to surrender his computer for forensic analysis. For the judge to order this, their evidence must meet $standard.

Their evidence is $evidence. How can I show, from a technical perspective, that $evidence does not satisfy $standard?

Re:

[TheRaven64 (641858)]

Typical that a lawyer would be the first person to work out how to bill for their time while reading Slashdot...

Re:I'd ask

[HappySqurriel (1010623)]

Why does the RIAA suck so much?

That is an easy question to answer ...

The RIAA sucks because it is an association that is designed to protect the interests of large music corporations by ensuring that their broken buisness model continues to exist.

The reality of the situation is that current technology is scary to RIAA members because a band/artist doesn't need a label quite like they used to (and as time goes on and the technology advances they don't need a label at all). Consider:

• A band can now record an album on their own time in an inexpensive home studio; the quality of equipment that you can get for $10,000 today (with effort) can rival the production of a Million dollar studio the labels have
• You can self promote your band through the internet; as time goes on sites like Youtube may be able to provide inexpensive access for a band to find an audience, and an audience to find a band
• You can sell your album online for a fraction of what the label will charge and still make more money off of the sale; if you were to charge $0.25 per song and $2.00 for the full album you would make (a lot) more money than the label would give you for the same music

Being that merchandise (like T-Shirts/posters) can easily be produced and ordered online (to be sold on your web-store and at your show), and you can self promote your shows, a hard-working band can make a decent living without needing a label; they may never get to the same level of fame that a label will get you, but you also don't need the same size of an audience to make playing music your life.

Re:

[mr_matticus (928346)]

#5 is easy. If you don't pay for unlimited rights, you don't have them when you're licensing media. You know the disclaimers about "licensed for home use" and so on? You're buying limited access to someone else's property. It's a license in perpetuity, as opposed to a "rental" (being temporary), but you don't have any more rights than the ones you buy.

The problem here is the philosophy that you start with every right except those denied to you. That's good and perfectly true for laws, but when you'r

Re:Seriously??

[Dunbal (464142)]

A lawyer posting an "Ask Slashdot" question?

      Is he going to bill us?