What Questions Would You Ask An RIAA 'Expert'?

NewYorkCountryLawyer asks: "In UMG v. Lindor, the RIAA has submitted an 'expert' report (pdf) and 26-page curriculum vitae (pdf), prepared by Dr. Doug Jacobson of Iowa State University who is the RIAA's expert witness in all of its cases against consumers, relating to alleged copyright infringement by means of a shared files folder on Kazaa, and supposed analysis of the hard drive of a computer in Ms. Lindor's apartment. The RIAA's 'experts' have been shut down in the Netherlands and Canada, having been shown by Prof. Sips and Dr. Pouwelse of Delft University's Parallel and Distributed Systems research group (pdf) to have failed to do their homework, but are still operating in the USA. The materials were submitted in connection with a motion to compel Ms. Lindor's son, who lives 4 miles away from her, to turn over his computer and music listening devices to the RIAA. Both Ms. Lindor's attorney (pdf) and Ms. Lindor's son's attorney (pdf) have objected to the introduction of these materials, but Dr. Jacobson's document production and deposition are scheduled for January and February, and we would love to get the tech community's ideas for questions to ask, and in general your reactions, thoughts, opinions, information, and any other input you can share with us. (In case you haven't guessed, we are the attorneys for Ms. Lindor.)"

Re:What Questions Would You Ask An RIAA 'Expert'?

[mr_matticus]

#5 is easy. If you don't pay for unlimited rights, you don't have them when you're licensing media. You know the disclaimers about "licensed for home use" and so on? You're buying limited access to someone else's property. It's a license in perpetuity, as opposed to a "rental" (being temporary), but you don't have any more rights than the ones you buy.

The problem here is the philosophy that you start with every right except those denied to you. That's good and perfectly true for laws, but when you're buying something from someone else, it's a complete non-sequitur. You start with nothing--zero rights to the product--and purchase some of those rights from the creator.

The mere exchange of money does not imply complete ownership over anything more than that for which you've paid. When you buy an airline seat, you don't own the seat itself; when you buy a book, you don't own the words. If all you're buying is the right to use something, all you own is that set of transferred rights (and any vehicle of expression if applicable, i.e. a CD, the paper composing a book, the canvas and paint molecules of a painting).

Re:Jusst one Question

[Ocular Magic]

His e-mail address is dougj@iastate.edu, maybe you could ask him why directly? (pulled from a PDF listed above)

Re:Conflict of interest

[Anonymous Coward]

Go to the notary. Show him computer screen. Print screenshot. Describe exact situation how you reach to the page and what it show. Print it too. Let it sign notary. This is valid evidence for every judge.

And what's stopping someone from outputting whatever they want to the display? Just because the notary sees something on the screen, doesn't mean it reflects reality at all.

IANAL.

[mmell]

But TLP'er is, so here goes...

On initial analysis, the gentleman does appear to be qualified to render "expert testimony". I assume that his bona fides are in order. The fact that jurisdictions outside the US don't acknowledge his expertise is irrelevant - this gentleman's qualifications appear (unfortunately) to be impeccable.

Many of my associates here on /. to the contrary, the plaintiff will probably have little to no difficulty establishing whether or not the suspect computer in this case was using the IP address from which the plaintiff alleges the copyright infringement took place. Likewise, based on the ISP records, the plaintiff will probably have little difficulty proving that their record of the shared content as identified from the plaintiff's computer is an accurate and correct representation of that IP address' activity. Attacking the accuracy of their data (showing a computer at the defendant's IP address was sharing files via P2P technology) will probably likewise prove unproductive; and as I'm sure you're aware, making allegations of misconduct without evidence on your part to support your allegations could be very bad for your professional situation. To my /. fellows, remember that this is a civil case - the standard is not "proof beyond a reasonable doubt" but rather "a preponderance of evidence". With that end in view, rather than attacking the assertion that illegal file sharing took place from that IP address you should try to establish whether or not Ms. Lindor's computer contains evidence of this illicit activity.

While Ms. Lindor has been named as the defendant, I would suspect that the plaintiff's case hinges not on alleging that Ms. Lindor actually performed the acts in question, but rather that by providing internet connectivity and/or computer equipment which was used to ostensibly perform this act, Ms. Lindor is liable for damages caused by this act. However, the plaintiff's entire case rests on proving that the physical connection used to perform this act terminates with Ms. Lindor's residence and computing equipment (areas under her control). You should have little difficulty finding your own expert in the IT field, one who can demonstrate ideas such as MAC and IP address spoofing to gain illicit access to a network. Your expert should also be able to establish that (barring an extremely involved investigation which did not take place at the time) these items, while intended to be unique to a single computer connected at a single point to the network, are in fact easily forged. It should then prove trivial to explain why these items can not be used to positively and uniquely identify Ms. Lindor's computer and network connection.

Finally, you might consider analyzing the state of Ms. Lindor's equipment. If she was using any version of wireless networking, that would imply an even greater likelihood that the acts in question were performed with neither the knowledge or consent of Ms. Lindor. Insecurity in wireless networks has been a problem practically since their inception; and while Ms. Lindor may still have some liability (much like the registered owner of an automobile may be liable for damages caused by a thief who stole that automobile), this may be a factor in mitigation or extenuation of the alleged infringement.

Incidentally, you should ensure that UMG is fully aware of what the news will make of all this after a verdict is rendered. "Single mother loses home, life savings to music industry" would make a great headline, and I'm sure you could find more than a few sympathetic journalists to write an appropriately scathing article to go with it. As you're well aware, the courts aren't the only courts in this country; the court of public opinion can be a monstrous thing to those unwary enough to stand in its path!

Re:Conflict of interest

[palmhack]

I would also ask how this person made the determination that the defendents' computer was the ONLY computer connected to that IP address. How did he know an unsecured wireless router wasn't assigned the IP address? How did he know that a war-driver wasn't connected to a wireless router without permission? Did the defendent have the technical knowledge to use encryption (WPA, NOT WEP. WEP IS EASILY CRACKED). Did the defendent know how to use the router's logging mechanisms properly to see who was connected to the router? Did the expert witness also evaluate the router (if one existed)? If a router was not employed, how did he make the determination that someone didn't just walk up to the house and plug into the line (dsl, cable, etc) and use the connection without permission? I work in the field of information security, and there are a myriad of variables at play that makes it virtually impossible for anyone to say with 100% certainty that the defendent's computer was the actual computer attached at the time of upload/download. The only way to absolutely know is to do a forensic analysis of the drive, and that is VERY iffy because enough back data would need to be obtained to get statistical relavence from the "junk" and loose-end files lying around. That part is time sensitive and if done properly, would need to be done instantly and not days/weeks/months later. Read a best-practice book on forensic analysis and you'll get a deeper insight into just how difficult it can be to reconstruct obliterated data.

Re:ask groklaw

[werewolf1031]

That would be great if he wanted legal advice and information, but he doesn't. He wants computer-related technical advice and info, which he likely won't find on a legal website. Hence, he posted to a 'nerd' website to find those technical answers. Funny, I thought he made that pretty clear?

For example, he might ask:

• Can these "experts" guarantee the authenticity of screenshots showing IP addresses, ensuring they haven't been altered? (Most likely answer: No Frickin' Way.)
• What methods were used to determine that defendant was using the IP addresses in question at the time of the infringement? Can these methods be duplicated independently by outside IT personnel? What kind of authenticity measures were applied to the networking logs indicating that the defendant was indeed using those IP addresses at the time? Are they plain text files? How can anyone be sure they haven't been altered?
• Did they verify the contents of the allegedly infringing files to ensure that they do, indeed, contain material copyrighted by the plaintiff? And yes, checksums can be faked, with some effort, so they would have to actually listen to the files. Are these files still intact on the defendant's hard drive, and if so, how were they verified to have not been placed there after seizure?

I could go on all day, but you get the point. The lawyer doesn't want legal advice, he wants technical advice. Pay attention, dude.

Re:questions

[Maximum Prophet]

2. Ask for extensive access to all the equipment that will be used during the investigation to verify that the said equipment may not accidently harm your devices and data.

Everytime you power up a harddrive, there's a chance that you've powered it up for the last time. While it may be recoverable, you might crash the heads, and trash all the data on the disk. Thus, short of some sort of non-invasive quantum interference device, there's no way to read a drive that doesn't involve some level of risk.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:ask groklaw

[tinkerghost]

Additionally

• What measures were taken to verify that the IP address was neither spoofed nor usurped during the period in question?

Having worked for a cable ISP, it's not uncommon for 2 cable modems on the same UBR to have the same IP address - usually a result of one of the modems failing to honor the lease time from the DHCP grant - though potentially it could be deliberately done. Add to that the joy of promiscious mode settings and you can potentially be broadcasting from your neighbors IP address with his spoofed MAC address and still get your responses back.

• Were any of the routers between the system which captured the screenshot and the defendants modem compromised at the time the screenshot was taken?

I don't recall the exact number, but IIRC one of the internal memo's indicated about 5-10% of my former companies UBR's had been compromised at some point in the last year.

• What investigations have you taken into determining if the defendants computer was not compromised at the time of the screenshot.
• If the US Government is repeatedly the victim of criminal computer access, what is the level of due dilligence required of the average citizen to prevent a compromised system from being used to illicitly trade files?

If I understand it correctly, it is their responsibility to prove that the system was not compromised at the time of the screenshot. Given the average 1st security update to a virgin XP box is 20-30 minutes and the average time to ownership is 15 minutes, I think there is a reasonable case to be made that the box may have been compromised at some point - proving it wasn't at the specified time may be difficult - especially if there are a few virus fragments laying around indicating it being 'p0wn3d' in the past.

Re:questions

[Ironsides]

4. What sort of 'Firewall' is in place to protect private/personal files not related to the case from being accessed by the plaintiffs? (i.e. personal financial information) 5. What sort of protections are in place to prohibit modification/installation/corruption of file/programs on the defendants/son's computer by the plaintiff? (protection against planted evidence) (note, possible solution would involve leaving the hard drive in escrow and providing the RIAA with an exact copy of the HD)

Agreed!

[RingDev]

In paragraph 5 he claims that the machine that downloaded the songs was not connected via a wireless connection based solely on IP address. That's some magic trick! I have a wireless router in between a pair of firewalls at my house. If someone were to get on it and download IP, they would show up to the entire world as the same IP as my cable modem.

Also in paragraph 5 he sites the computer's Registry as additional proof that the machine was not connected to a wireless router. Which I suppose might have some validity, as a wireless driver would likely have some reference in the registry.

But then in paragraph 6 he states that he believes that the hard drive he reviewed is NOT the same one as the one that downloaded the IP. So if this hard drive is NOT the one that downloaded the IP, what does it matter that there is no proof in the registry?

The guy is a sham, throwing together half baked and highly biased inspections that don't even pass a rudimentary review.

-Rick

Re:What Questions Would You Ask An RIAA 'Expert'?

[mr_matticus]

I don't have an 'employer,' and nothing is being rewritten. Please see 17 USC 109 and all applicable case law. There are numerous protections in place for derivative works and an extensive and rich history of case law to support and define those works. Regardless of anything else, you, like most other Slashdotters, have lost sight of what a license truly is: it is a limited transfer of rights from an originator (author, owner) to a customer (licensee, purchaser). Again, like I posted earlier, purchase of the book does not imply purchase of the copyright nor ownership of any of its contents; license to the contents does not, likewise, imply license of the physical carrier.

It cuts both ways, which is something you have utterly failed to understand. When you buy a book, you own the paper and the ink and that's it. You don't own the contents, you never have, and you never will until the book enters public domain, at which time you own it in trust along with every other living human. Insofar as it is protected by copyright, you hold a license to the contents. That's it and all there is to it, and if you believe otherwise, cite a case. You'll find none. The distinction in copyright law is an explicit separation of ownership between copies and copyrights--you can't do whatever you want with the copyrighted portion of your purchase; the copyright holder can't do whatever it wants with your copy of it.

Where there is a different arrangement made beforehand, for example via the terms of sale of an online music service (which explicitly requires the acceptance of DRM), those terms are valid (Wall v. LA et al). Where no other terms are attached, you're free to act within the confines of applicable law. Any of it can be reused in core form--the owners of Harry Potter copyrights and trademarks do not possess control over wizards and magic and child heroes. They control the wizards, magic spells, and child heroes specific to Harry Potter (their names and arrangements). If you want to write a similar story, that's perfectly fine (Wizard's Hall is an older, shorter Harry Potter, for example)--but you don't get to reuse characters or verbatim segments of Rowling's novels. You are broadly and erroneously overapplying the restrictions and control granted by law for your dramatic tirade.

DFS perfectly clarifies the distinction: individual owners may not rent or lease their copies (cf. 1984), and copyright holders may not disallow the resale of copies using their rights under copyright, trademark, and commercial codes. It does not specify any additional rights (or any additional restrictions, beyond the rent/lease prohibition which arguably merely codifies prior case law) to the contents of any purchases under the law containing copyrighted works. Furthermore, it is not categorically applicable, but merely held prima facie failing any appropriate consideration to the contrary.

I also see that you failed to observe the intent of the airline metaphor--mere payment does not imply ownership in any context (i.e. it is not unique to the realm of "intellectual property"). Payment for access is not a stipulation for complete control; buying a book does not give you complete control over the author's work, but rather gives you complete control over the purchased portion (the paper and the ink and the binding) and partial access to the intangible portion.

Re:Warning: Licensing Media Troll

[mr_matticus]

DFS *only* applies to your copy; it does not apply to the copyright. DFS allows you to sell, destroy, modify, format shift (since 1998 only in compliance with the DMCA), disassemble, or otherwise manipulate your copy. It does not allow you to redistribute, assume control of, repackage, embark in multiple simultaneous uses of, or (since 1984) rent/lease/loan the copyrighted and/or trademarked works embodied therein.

ever used

[fishyfool]

ever used a wireless access point that you plugged a network cable into? wireless access, no drivers.

Re:Very good questions

[number11]

How do you prove that the contents of the "shared" folder were actually shared with third parties?

Indeed. A friend has a computer that runs P2P file sharing. The P2P program displays the number of query hits and uploads (for session and lifetime) for each file that is shared. Some of the files have never been downloaded. Granted, those tend to be files with names that either are completely uncommunicative ("H325B", "AnalogWholev099022.exe"), music by extremely obscure artists, and/or files that have recently been added. The friend did once receive a DMCA takedown notice for a movie which he did not possess or share. The file described in the notice as that movie was actually an mp3 of a performance that may, or may not, have been used in the movie (the performer's record label was owned by the same conglomerate that owned the music studio).

Files the RIAA has actually downloaded, they can identify with absolute certainty, though I don't know if they actually do so.. file or folder name alone is shakey (as they found with Professor Usher), filename plus size is better, having a SHA1 hash identical to the hash of a known copy is pretty sure). And they can prove that those files were actually shared with at least one third party (themselves). If they could download ten randomly selected files, it's a pretty fair assumption that it would have been possible for them to download most or all of the rest. But there is no way (short of extensive ISP or user logs) to know with certainty if anyone else actually has ever downloaded them.

I think I'd want to know if there has ever been a false-positive identification of a file. (There was, with Usher. Also with the BSA and some Linux files that were apparently "identified" by matching a substring in their filename. But those particular cases were weeded out in the bright glare of publicity and public ridicule, they didn't make it to court. Are other instances of misidentification known?) If they have ever run tests to see if the file matching can be fooled into false-positive matches (especially if they have not actually listened to the downloaded files), and what the accuracy rate is.

Re:Conflict of interest

[cpt kangarooski]

Actually, that's only the standard in criminal cases. In civil cases, the standard is the far, far lower 'balance of probabilities' standard. Simply put, it's 'whatever probably happened actually did happen' even if that probability is a mere 51%. Even if there's 49% of doubt, that's still not good enough in such a case for the defendant to win.

So honestly, if someone was accused of file sharing on the basis of them being assigned an IP at a particular time from which files were downloaded which contain copyrighted material, even if we only have RIAA's word for it, and the defendant had an open WAP, and a computer forensicist finds corresponding files on the defendant's hard drive, while we all may accept that there is a real possibility that the defendant didn't do it, does anyone think that he probably didn't do it? Because if he probably did it, despite even a very strong (but necessarily lesser) chance that he didn't, then you have to find him liable.

I find it difficult to believe that /. users would think that the defendant probably didn't do it, barring something else of particular significance.

Re:Conflict of interest

[NewYorkCountryLawyer]

My impression is that they
-make money on the settlements
-lose money on the default judgments and
-lose a lot of money on every contested case.