What Questions Would You Ask An RIAA 'Expert'?

NewYorkCountryLawyer asks: "In UMG v. Lindor, the RIAA has submitted an 'expert' report (pdf) and 26-page curriculum vitae (pdf), prepared by Dr. Doug Jacobson of Iowa State University who is the RIAA's expert witness in all of its cases against consumers, relating to alleged copyright infringement by means of a shared files folder on Kazaa, and supposed analysis of the hard drive of a computer in Ms. Lindor's apartment. The RIAA's 'experts' have been shut down in the Netherlands and Canada, having been shown by Prof. Sips and Dr. Pouwelse of Delft University's Parallel and Distributed Systems research group (pdf) to have failed to do their homework, but are still operating in the USA. The materials were submitted in connection with a motion to compel Ms. Lindor's son, who lives 4 miles away from her, to turn over his computer and music listening devices to the RIAA. Both Ms. Lindor's attorney (pdf) and Ms. Lindor's son's attorney (pdf) have objected to the introduction of these materials, but Dr. Jacobson's document production and deposition are scheduled for January and February, and we would love to get the tech community's ideas for questions to ask, and in general your reactions, thoughts, opinions, information, and any other input you can share with us. (In case you haven't guessed, we are the attorneys for Ms. Lindor.)"

I'd ask:

[Vengeance (46019)]

How old are you?

You see, I'm doing a research paper on how long a human can live without a brain.

Conflict of interest

[MECC (8478)]

What steps would you take to prove that a screenshot is 'authentic'? If I doctored a screenshot to include a list of songs, how would you discover the doctoring? How would establish that the song names contained the correct songs and not something else? Are all screenshots unalterable?

Describe the process of 'proving' that someone's home computer used a given IP address at a given time. Anywhere.

Very good questions

[NetDanzr (619387)]

Those are very good questions. I'd add the following:

* How do you prove that the contents of the "shared" folder were actually shared with third parties? (I have a "shared" folder with music on my PC, to stream to my other PCs and my stereo)
* How do you prove the "shared" folder was not created automatically by the P2P software?
* How do you prove that the user was computer savvy enough to prevent the software from creating the folder?

Re:Very good questions

[Daemonstar (84116)]

I'd also add:

• Can you determine who was operating the computer at the time of the alleged offense? (I realize that this may be nullified by something like "criminal responsibility"; does this matter in a civil case?)
• How do you know that the defendants did not already own the material they were downloading? Or is it merely "distribution" (uploading) that is at the center of the offense?
• How is sharing a file considered "distribution"? Why does it apply here and not in other circumstances (cite thoughtful and meaningful scenarios here)?

Re:Conflict of interest

[Iphtashu Fitz (263795)]

If I doctored a screenshot to include a list of songs, how would you discover the doctoring?

Even more importantly, what if the actual files were doctored. If I were to create a file named "Around the World - Red Hot Chili Peppers.mp3" and put it on the Kazza network how would you determine if it's actually that song? Are you relying on just combinations of filenames and checksums/hashes? Hashes like those used by Kazza can be replicated with a bit of effort. Maybe I set up a phony Kazza server to flood the network with bogus copies of files. They'd need to download the actual files and listen to them in order to verify their authenticity.

Have you _ever_ made a mix tape?

[waterford0069 (580760)]

To take one for Steven Jay Page [wikipedia.org] of the Bare Naked Ladies

Have you _ever_ (and I mean EVER) made a "mix" tape? Did you give it to your SO/love interest?

Steven's argument being that effectively EVERY person in the music industry has done this at one time or another, and to be punishing their customers from doing effectively the same thing is hypocritical.

Start easy . . .

[Dr Caleb (121505)]

Like - did you listen to the alleged data to see if it was actually a copyrighted work? Does the copyright on those works all belong to the planitiffs?

Can they verify what IP address the alleded copyrighted work was uploaded from? (Eg: did it come from a single source only?) Go back a little further; can they produce anything that verifies Ms. Lindor's computer had the IP address they uploaded from at the time in question?

Freedom

[crabpeople (720852)]

Why do you hate freedom?

A bit about Mr. Jacobson

[linefeed0 (550967)]

I always hate it when academics use their position to further crap like this rather than fight the bullshit. My alma mater had plenty of these jerks too, particularly the people running the career programs in "e-commerce" and computer security. One telltale sign is that they've testified before Congress [senate.gov]. Apparently Mr. Jacobson doesn't like p2p because there's porn on it. The money shot is this bit:

There are several issues that make pornography on peer-to-peer networks more problematic than web or FTP-hosted pornography. You don't have to look for pornography on peer-to-peer networks; it will find you.

On SOVIET LIMEWIRE, PORN FINDS YOU!

Come on!

[zepo1a (958353)]

Come /.! NewYorkCountryLawyer is trying to do something good here.

Can we get serious for a minute? Please?

questions

[superwiz (655733)]

1. What measures will be taken to safeguard the integrity of the data and the data storage devices. You don't want your property destroyed in the process of investigation.

2. Ask for extensive access to all the equipment that will be used during the investigation to verify that the said equipment may not accidently harm your devices and data.

3. Ask for a comprehensive review of all the privacy-safeguarding mechanisms that the plaintiffs have in place for the retrieved data. Further, ask for an audit of the feasibility of the privacy safeguards as well as their effectiveness in actually protecting the privacy of the data.

Re:questions

[crmanriq (63162)]

1. Please provide a detailed outline of what tests you wish to perform, and the tools that you will use to perform them. Are these industry recognized tools, or are they proprietary? If they are not industry recognized, please provide source code so that their results may be analyzed in context by recognized experts.
2. Please state your reasons why these tests cannot be performed by an independent laboratory by skilled professionals.
3. Please state what industry standards these tests meet that will confirm their validity. (Do they meet an IEEE or ASTM testing standard?) If no industry standard exists, then provide documented research that lays out why these tests meet a standard of proof that can and should be allowed in a court of law.
4. What specialized equipment will be used in testing? Has this equipment been certified for this use, or is this a new use of the equipment? If it is a new use, then please provide supporting documentation to certify that any results achieved will be meaningful.
5. What measures will be taken to preserve the integrity of the data so that your results may be independently verified?
6. What measures will be taken to keep the equipment free from harm?
7. What measures will be taken to preserve the chain of evidence?
8. What measures will be taken to ensure that no data is added to, removed from or changed on the by your personnel or your agents? How can this be independently verified?
9. Which of your described tests include subjective criteria, and which are purely objective? How is the subjective criteria to be evaluated, and how could an independent testing body repeat this portion of testing?
10. How long will the testing take, and will you provide a functionally equal replacement during the testing duration so as not to deprive the owners of the use of their property?

Re:questions

[DamnStupidElf (649844)]

4. Ask them if they have the necessary licenses from Microsoft and any other companies to make copies of the data on the hard disk, including any legally purchased music they might encounter. Almost every forensic software package creates a complete duplicate of the hard disk as its first step to preserve the chain of evidence. Additionally, ask them if they will violate copyright law if they duplicate the hard disk and there are illegally copied media files on the disk that they don't own the copyright to. In criminal investigations, law enforcement is generally exempt from copyright law for the purposes of evidence gathering. I don't think individuals and companies have the same leeway during discovery, so basically the entire premise they are basing their case on will prevent them from performing an accurate forensic examination. Even if they don't make a duplicate copy of the drive, they will still be unlicensed to view certain files simply because the defendant doesn't have the right to relicense them. I imagine this has come up in courts before where companies try to hide things like trade secrets and copyrighted documents from discovery, but in those cases they are generally the sole owner of those documents and can be compelled to release them. A person owns almost none of the rights to software and other media on their own computer.

I think it's only fair that the plaintiffs should have to play by their own rules, e.g. that any use or copies of copyrighted material without explicit permission is absolutely forbidden.

Unlawful Searches

[Timesprout (579035)]

Ask them why they retain the services of a company found to have conducted unlawful electronic searches of an individuals computer, to provide their evidence of infringement.

Attack his expertise

[by Anonymous Coward]

I saw at least one false statement in one of the filings. It's not a lie so much as a total lack of understanding of how IP networks really work and how far they can be pushed. Combine that with the fact he's been discredited in Canada and it should make the court ask questions.

In particular the statement that he was able to determine there was no wireless router in use at the time cannot be substantiated. It is possible to have a wireless router that NATs you right back to your public IP. In fact, I've done it (with out the wireless part) at least twice for different reasons.

If I were you, I would set up a demo that shows this and rub his nose in it.

ask groklaw

[SABME (524360)]

Have you considered asking this question on http://groklaw.net/ [groklaw.net]?

You might get a better response there (i.e., less noise than /.), especially since Groklaw is about legal issues surrounding tech.

What bugs does MediaSentry have?

[Chris Snook (872473)]

My father is an attorney, and he once told me that you never ask a question you don't already know the answer to, unless the answer cannot possibly hurt you. There are a few possible answers here:

1) I don't know.

If he doesn't know, he's not an expert on MediaSentry.

2) None.

At this point you enter into evidence a copy of The Mythical Man-Month or some similar tome, and quote figures on bugs per lines of code. You have now discredited him.

3) Lots, for example...

This will go over *great* with a jury.

This guy claims that the hard drive provided must be the wrong hard drive because it doesn't show any evidence of file sharing whatsoever, and MediaSentry claims there was file sharing. Maybe it's a bug in MediaSentry.

Whatever.

[arkanes (521690)]

Did none of you read the PDF? The expert report says that the hard drive provided to him was *not* the one used to share the files. He doesn't discuss his methodology in any detail, but it's reasonable enough. He states that, based on his analysis of the hard drive that the machine was directly connected to the internet (not via a router), which is easy enough to tell from the IP address assigned, and that it does not and did not have Kazaa (apparently the p2p program used) on it. From the other links, it sounds like they're claiming that his isn't the hard drive they wanted, from the machine they wanted, and that they're trying to get access to the sons hard drive based on that. Assuming that the expert isn't totally incompetent and/or lying, he's right. If this hard drive is from the machine that had the IP addresses in the subpoena from Verizon (he says he has access to the Verizon information, but not whether or not the IPs match up), then you have a pretty airtight dismissal - no evidence of sharing, lets go home. If they're trying to claim that the son probably brought his machine over, you're going to have to rely on legal arguments rather than technical ones. It's certainly possible that he did, but I don't know enough about the law to say whether that matters in a case like this. The case is against her, not her son, so can't you argue for dismissal on that alone? If they're claiming that you gave them some totally unrelated drive, you're going to need to document where that drive came from. I assume you have all your ducks in a row with regards to the chain of documents and evidence for that drive. If you don't, then someone screwed up along the way and someone is going to pay for it - probably your client and her family. That's not something interrogation of this witness will help you with - his analysis of the drive is probably correct. What he's saying is that he didn't find the evidence the RIAA wants on the drive, so prove that's the drive they asked for and go home.

Real questions

[realmolo (574068)]

I read the PDF report from the RIAA's expert.

Seems that he's saying that the hard drive he examined contained NO TRACE of Kazaa ever being installed, and no trace of any "shared files". He goes on to say that the hard drive appeared to be hardly used, since there were very few user-created files. The implication is that the hard drive he examined is not the hard drive that was used to share music, or that it had been completely erased at some point.

I would ask him about the possibility that the hard drive was reformatted in the process of re-installing Windows, via an normal Windows CD or especially a "restore CD". And I would also ask him if it is possible that Ms. Lindor re-installed Windows because she was having other problems with the computer, and a re-install was the simplest way to fix those problems. I would also ask him if formatting the drive and re-installing Windows is a common way to repair computers that have become unusable due to viruses and spyware. I would also ask him how common spyware and viruses are, and how a user such as Ms. Lindor would be able to fix a machine infected with spyware and/or viruses without resorting to formatting her hard drive and re-installing Windows.

Basically, reformatting the drive is a perfectly legitimate thing to do when Windows, or any operating system, becomes "unusable" due to corruption of system files by malicious software. Just because her drive is "empty" doesn't mean she is trying to hide evidence. She may have done it simply to get her computer working again.

Could the defendands computer have been hacked?

[Iphtashu Fitz (263795)]

Here's one for you:

Is it possible that the defendands computer was compromised in some way by a third party without their knowledge, and that the third party was the one who put the music on the computer and set it up to be shared?

I was at my brothers house over the xmas weekend and he was complaining about odd behavior on his Windows PC. The mouse simply stopped functioning properly in a number of applications, etc. He's on a DSL line but behind a router/firewall, with a software-based firewall and virus scanner installed. I decided to do a thorough check myself, however, and discovered that there was a directory containing over 2 gigabytes of porn that he knew nothing about. It was quite obvious that some sort of malicious software had made it onto his PCand turned it into some sort of porn file server, probably for some P2P network. Now my brother is no Windows expert but he's fairly savvy technically (college grad with a computer science major, MBA from a well respected business school). If he couldn't detect this going on with his own computer then how could a computer-illiterite person be expected to?

IANAL.

[mmell (832646)]

But TLP'er is, so here goes...

On initial analysis, the gentleman does appear to be qualified to render "expert testimony". I assume that his bona fides are in order. The fact that jurisdictions outside the US don't acknowledge his expertise is irrelevant - this gentleman's qualifications appear (unfortunately) to be impeccable.

Many of my associates here on /. to the contrary, the plaintiff will probably have little to no difficulty establishing whether or not the suspect computer in this case was using the IP address from which the plaintiff alleges the copyright infringement took place. Likewise, based on the ISP records, the plaintiff will probably have little difficulty proving that their record of the shared content as identified from the plaintiff's computer is an accurate and correct representation of that IP address' activity. Attacking the accuracy of their data (showing a computer at the defendant's IP address was sharing files via P2P technology) will probably likewise prove unproductive; and as I'm sure you're aware, making allegations of misconduct without evidence on your part to support your allegations could be very bad for your professional situation. To my /. fellows, remember that this is a civil case - the standard is not "proof beyond a reasonable doubt" but rather "a preponderance of evidence". With that end in view, rather than attacking the assertion that illegal file sharing took place from that IP address you should try to establish whether or not Ms. Lindor's computer contains evidence of this illicit activity.

While Ms. Lindor has been named as the defendant, I would suspect that the plaintiff's case hinges not on alleging that Ms. Lindor actually performed the acts in question, but rather that by providing internet connectivity and/or computer equipment which was used to ostensibly perform this act, Ms. Lindor is liable for damages caused by this act. However, the plaintiff's entire case rests on proving that the physical connection used to perform this act terminates with Ms. Lindor's residence and computing equipment (areas under her control). You should have little difficulty finding your own expert in the IT field, one who can demonstrate ideas such as MAC and IP address spoofing to gain illicit access to a network. Your expert should also be able to establish that (barring an extremely involved investigation which did not take place at the time) these items, while intended to be unique to a single computer connected at a single point to the network, are in fact easily forged. It should then prove trivial to explain why these items can not be used to positively and uniquely identify Ms. Lindor's computer and network connection.

Finally, you might consider analyzing the state of Ms. Lindor's equipment. If she was using any version of wireless networking, that would imply an even greater likelihood that the acts in question were performed with neither the knowledge or consent of Ms. Lindor. Insecurity in wireless networks has been a problem practically since their inception; and while Ms. Lindor may still have some liability (much like the registered owner of an automobile may be liable for damages caused by a thief who stole that automobile), this may be a factor in mitigation or extenuation of the alleged infringement.

Incidentally, you should ensure that UMG is fully aware of what the news will make of all this after a verdict is rendered. "Single mother loses home, life savings to music industry" would make a great headline, and I'm sure you could find more than a few sympathetic journalists to write an appropriately scathing article to go with it. As you're well aware, the courts aren't the only courts in this country; the court of public opinion can be a monstrous thing to those unwary enough to stand in its path!

Discovery questions

[gregor-e (136142)]

Since this is the discovery phase, I'd ask plaintiff to produce documentation substantiating the validity of the copyright for each claimed infringement, along with a complaint from each rights-holder or designated representative for each instance of alleged infringement.

I'd ask for specific evidence that establishes the defendant as the perpetrator of the alleged infringements, especially evidence that excludes the possibility of defendant's computer having been used, perhaps unknowingly, by an outside party - friends, hackers, etc. The presence of an 802.11 connection could make this especially tricky. It shouldn't be too hard to come up with numerous examples of people's PCs being taken over for illegal purposes, thus decreasing the strength of the 'preponderance' that shows defendant committed alleged infringements.

I'd ask for information supporting plaintiff's allegations of damage. Given the high likelihood that all of the infringed properties are available anytime, from any internet connection, by any subscriber willing to pay $6/month to Yahoo! Music Unlimited, any claims for damages beyond $6 per month total (or, more precisely, whatever fraction of the $6 the rights-holders would actually receive from Yahoo), are obviously egregious.

Re:Oh, man, this is sad.

[RingDev (879105)]

The differences is most readers of /. are not lawyers, so asking questions about law on /. is kind of pointless.

Inversely, most readers of /. are technically adept, so asking questions about technical issues (like is this 'technical assessment' valid?) can be rewarding. Even if you are a lawyer.

-Rick

Re:I'd ask

[HappySqurriel (1010623)]

Why does the RIAA suck so much?

That is an easy question to answer ...

The RIAA sucks because it is an association that is designed to protect the interests of large music corporations by ensuring that their broken buisness model continues to exist.

The reality of the situation is that current technology is scary to RIAA members because a band/artist doesn't need a label quite like they used to (and as time goes on and the technology advances they don't need a label at all). Consider:

• A band can now record an album on their own time in an inexpensive home studio; the quality of equipment that you can get for $10,000 today (with effort) can rival the production of a Million dollar studio the labels have
• You can self promote your band through the internet; as time goes on sites like Youtube may be able to provide inexpensive access for a band to find an audience, and an audience to find a band
• You can sell your album online for a fraction of what the label will charge and still make more money off of the sale; if you were to charge $0.25 per song and $2.00 for the full album you would make (a lot) more money than the label would give you for the same music

Being that merchandise (like T-Shirts/posters) can easily be produced and ordered online (to be sold on your web-store and at your show), and you can self promote your shows, a hard-working band can make a decent living without needing a label; they may never get to the same level of fame that a label will get you, but you also don't need the same size of an audience to make playing music your life.

Re:Seriously??

[Dunbal (464142)]

A lawyer posting an "Ask Slashdot" question?

      Is he going to bill us?