What Questions Would You Ask An RIAA 'Expert'? 616
NewYorkCountryLawyer asks: "In UMG v. Lindor, the RIAA has submitted an 'expert' report (pdf) and 26-page curriculum vitae (pdf), prepared by Dr. Doug Jacobson of Iowa State University who is the RIAA's expert witness in all of its cases against consumers, relating to alleged copyright infringement by means of a shared files folder on Kazaa, and supposed analysis of the hard drive of a computer in Ms. Lindor's apartment. The RIAA's 'experts' have been shut down in the Netherlands and Canada, having been shown by Prof. Sips and Dr. Pouwelse of Delft University's Parallel and Distributed Systems research group (pdf) to have failed to do their homework, but are still operating in the USA. The materials were submitted in connection with a motion to compel Ms. Lindor's son, who lives 4 miles away from her, to turn over his computer and music listening devices to the RIAA. Both Ms. Lindor's attorney (pdf) and Ms. Lindor's son's attorney (pdf) have objected to the introduction of these materials, but Dr. Jacobson's document production and deposition are scheduled for January and February, and we would love to get the tech community's ideas for questions to ask, and in general your reactions, thoughts, opinions, information, and any other input you can share with us. (In case you haven't guessed, we are the attorneys for Ms. Lindor.)"
Unlawful Searches (Score:5, Interesting)
Re:I'd ask (Score:5, Interesting)
That is an easy question to answer
The RIAA sucks because it is an association that is designed to protect the interests of large music corporations by ensuring that their broken buisness model continues to exist.
The reality of the situation is that current technology is scary to RIAA members because a band/artist doesn't need a label quite like they used to (and as time goes on and the technology advances they don't need a label at all). Consider:
Being that merchandise (like T-Shirts/posters) can easily be produced and ordered online (to be sold on your web-store and at your show), and you can self promote your shows, a hard-working band can make a decent living without needing a label; they may never get to the same level of fame that a label will get you, but you also don't need the same size of an audience to make playing music your life.
Very good questions (Score:5, Interesting)
* How do you prove that the contents of the "shared" folder were actually shared with third parties? (I have a "shared" folder with music on my PC, to stream to my other PCs and my stereo)
* How do you prove the "shared" folder was not created automatically by the P2P software?
* How do you prove that the user was computer savvy enough to prevent the software from creating the folder?
Real questions (Score:5, Interesting)
Seems that he's saying that the hard drive he examined contained NO TRACE of Kazaa ever being installed, and no trace of any "shared files". He goes on to say that the hard drive appeared to be hardly used, since there were very few user-created files. The implication is that the hard drive he examined is not the hard drive that was used to share music, or that it had been completely erased at some point.
I would ask him about the possibility that the hard drive was reformatted in the process of re-installing Windows, via an normal Windows CD or especially a "restore CD". And I would also ask him if it is possible that Ms. Lindor re-installed Windows because she was having other problems with the computer, and a re-install was the simplest way to fix those problems. I would also ask him if formatting the drive and re-installing Windows is a common way to repair computers that have become unusable due to viruses and spyware. I would also ask him how common spyware and viruses are, and how a user such as Ms. Lindor would be able to fix a machine infected with spyware and/or viruses without resorting to formatting her hard drive and re-installing Windows.
Basically, reformatting the drive is a perfectly legitimate thing to do when Windows, or any operating system, becomes "unusable" due to corruption of system files by malicious software. Just because her drive is "empty" doesn't mean she is trying to hide evidence. She may have done it simply to get her computer working again.
Could the defendands computer have been hacked? (Score:5, Interesting)
Is it possible that the defendands computer was compromised in some way by a third party without their knowledge, and that the third party was the one who put the music on the computer and set it up to be shared?
I was at my brothers house over the xmas weekend and he was complaining about odd behavior on his Windows PC. The mouse simply stopped functioning properly in a number of applications, etc. He's on a DSL line but behind a router/firewall, with a software-based firewall and virus scanner installed. I decided to do a thorough check myself, however, and discovered that there was a directory containing over 2 gigabytes of porn that he knew nothing about. It was quite obvious that some sort of malicious software had made it onto his PCand turned it into some sort of porn file server, probably for some P2P network. Now my brother is no Windows expert but he's fairly savvy technically (college grad with a computer science major, MBA from a well respected business school). If he couldn't detect this going on with his own computer then how could a computer-illiterite person be expected to?
Re:"WTF?" (Score:1, Interesting)
conflict of interest (Score:1, Interesting)
http://www.palisadesys.com/documents/RABasicExamp
Jacobson appears to be working all sides of this for profit and reputation. He works in academia with a specialty of network security, sells network spy software to universities, and helps prop up the monitoring regimes through his "expert testimony" in the courts.
I would look for a basis to exclude Jacobson based on his financial interest in the outcome of the case.
Re:Very good questions (Score:5, Interesting)
What I'd like to ask (Score:3, Interesting)
Isn't your client's stupid business model costing him far more money than the file sharing is?
Stuff that might actually be useful to ask:
- As someone else said, how do you prove that the screen shots have not been altered?
- If the screen shots are backed up with packet captures, how do you prove that those were not altered?
- Given that both IP and MAC addresses can be spoofed, how do you prove that the defendant's computer was actually the source of the packets?
- Given that the titles of stuff on a file sharing network may have no relationship to the contents of the file, how do you prove that the file actually contained material copyrighted by the plaintiff?
- Each song that the plaintiff says that the defendant illegally shared/distributed was not actually written or recorded by the plaintiff, but by an artist. The copyrights were assigned to the plaintiff as part of a contract with the artist. For each song, prove that the plaintiff has valid control of the copyright by having met all the terms of the contract with the artist.
I really like this last one. If the RIAA has been stiffing the artists on their royalties or with funny accounting, they're going to have to run the funny accounting past a judge, and justify why they get to sue for copyrights where they are ripping off the artists. Even if they can give an accounting that passes the laugh test, it enormously increases their workload in the case.
Re:Real questions (Score:3, Interesting)
Excellent points, and a perfectly valid line of reasoning. This goes perfectly in hand with my last post [slashdot.org]. After my brother determined that his Windows PC had been hijacked by some malicious software to use it as a P2P site for porn he decided to wipe the drive and re-install from scratch. If it had been sharing mp3's instead of porn then he could very well have ended up in the same situation - a machine that the RIAA thinks was sharing music that my brother knew nothing about, and that there was no evidence of since the drive had been recently reformatted.
contradiction in statements 5 & 6 (Score:2, Interesting)
6) this is the not same hard drive used to share copyrighted sound recordings. The hard drive displayed a "lack of user created files"
7) yet the disk did manage to contain a resume (generally, that's a user created file).
Doesn't seem like they know a whole lot and are just fishing. They have a computer IP address that was involved in file sharing, and (I'm assuming) Verizon's logs show it to be Ms Lindon's IP at the time. They have a hard drive image (how was that obtained, btw? legally?) that wasn't used to share files, in fact wasn't used for much of anything
If Ms Lindon has a wireless router, they'll never find the hard drive of the computer actually used. If they manage to confiscate a computer just on a fishing trip, some laws need to be changed
I would ask THIS question (Score:3, Interesting)
Re:What bugs does MediaSentry have? (Score:3, Interesting)
Upon reading the transcript, he compared the hard drive to the information that RIAA provided him. To him it does not appear to be the same hard drive. However, he is relying only on the information from MediaSentry and Verizon logs. I would trust the Verizon logs but who says the MediaSentry logs are correct. From the wiki article on MediaSentry [wikipedia.org]:
Questions and Doubts (Score:3, Interesting)
Point 5 in the experts paper, is that he establishes that the computer wasn't connected to the Internet via a wireless connection:
I assume this is to counter the argument that anyone could have been using the connection. It seems that from looking at a hard-drive it would be problematic to find how a computer was connected to the Internet at a specific point in the past. DHCP means nothing need be set, so I find it strange that the lack on an internal IP address would be proof against it. Ask the expert if there would be a record of an IP change on a specific date, and where that record is located.
In point 6, he mentions
How can you be sure it's not physically the same hard-drive? Did MediaSentrys information include serial codes for the hardware? Had the hard-drive been formatted to repair a spyware-ridden Windows installation (addressed in an earlier post in this discussion). How invasive can spyware and trojans be?--Could someone externally have been using the defendants computer as a proxy if this was the case?
Perhaps the most compelling quote from the expert is
How much is enough user content? I know people who use their machine for Internet, including webmail. They don't have any office products installed, nor do they go to uni, or use the machine for work, their entire content floats around their temporary internet files directory, which can be wiped with a few clicks.
It may seem unlikely to an expert who is so engrossed in technology that he simply doesn't consider that someone might use a machine for simple leisure.
Also, what timestamps are shown for the system files, that should more accurately date the installation time, but even so, dates can be very easily changed. Keep hammering home how very malleable data is, it will help to give the defendant wiggle-room, but also make MediaSentrys information all the less solid.
Above all the specifics, ask how can MediaSentry be sure that the client was aware they were sharing files (I know people who have had horrific experiences using and getting rid of P2P programs) and that any infringement took place. How can they be positive that the files they recorded as being shared by the user had indeed been shared (transference of data), and were infact the songs they were named after (A rose by any other name...). If MediaSentry downloaded the file to check, how can they be sure others did? Especially in a world of P2P, where one downloader might get one file from a hundred sources, perhaps that if files were downloaded from the user, the user actually contributed 0 bytes.
There is such an incredible amount of doubt in anything like this. Use it to your advantage.
Suggestion (Score:2, Interesting)
Slashdotters tend to be long on unsupported opinion and short on facts. In court I think you will need to be long on fact and short on unsupported opinion.
Change of subject. As an engineer, I would need to know more about the facts and opinions of the expert to give any helpful suggestions. We need specific facts to give relevant observations. I am guessing you have your own team of experts to tell you this though.
Re:Real questions (Score:3, Interesting)
On the surface, it looks like the defendant is hiding something (namely a harddrive) however, if you delve a little deeper you see that the expert might actually prove the defendant's case.
All the expert did was compare the hard drive to the one that should exist according on MediaSentry's logs and Verizon's logs. He concluded that they were not the same HD. However, the expert did not authenticate either Verizon's nor MediaSentry's data. Normally experts are only asked to testify on a specific subject. It might have been beyond his skills or his scope to do this type of verification.
Verizon's data supposedly ties the defendant's computer account to an IP address during a certain time period. MediaSentry's data supposedly ties an IP address to illegal filesharing during a certain time period. While Verizon's data would most likely be accurate , MediaSentry's [wikipedia.org] data has been found to be less than accurate in a Dutch appellate court.
So if the defendant only had one computer HD, it only proves that the RIAA's investigative methods are not reliable.
Here's a few (Score:5, Interesting)
1) You state that because you found the resume of Gustave Lindor, Jr. on the defendants machine that this "document indicates he was living and working in Brooklyn, New York during the dates that the copyrighted music was being shared."
Point 7, Page 5 of the 'expert' report
a) How does this prove that Gustave Lindor, Jr. was using the machine and that he had not, for instance, e-mailed the resume to his mother (the defendant) for advice or recommendations of modifications to the resume.
b) How does this prove that Gustave Lindor, Jr. was actually at the machine, that the file was initially create on the machine or that Gustave Lindor, Jr. had ever touched this machine? (i.e. couldn't the file at least have been dictated)
c) Does this not mean that the case should be dropped against the defendant due to the lack of evidence found on machines that she owns?
d) How can you prove who was using the computer at the time of the alleged infringement?
2) From the 26-page curriculum vitae (I glanced over this one)
a) Are there any EE/ECE/CS courses that you did not include in this? Why?
b) Have you ever received a failing grade in any EE/ECE/CS course?
c) When was the last time you enrolled in aa EE/ECE/CS course? Course Name? Type? Grade?
d) Have any disciplinary actions ever been taken against you or have you ever been rebuked/censured (Note: no typo, I do not mean censored), by any University or Professional Organization such as the IEEE.
e) Have you ever cheated/plagarized on homework or a test?
3) What possible evidence could there be on Gustave Lindor, Jr.'s computers that would implicate the defendant in any of the charges against her? How would any evidence on Gustave Lindor, Jr.'s computers implicate the defendant and not Gustave Lindor, Jr.? How can the defendant be held responsible for any relevant activities by Gustave Lindor, Jr.?
4) What proof do you have that Gustave Lindor, Jr.'s computer was ever at the residence of the Plaintiff? Ever possessed on of the IP's in question? Has ever had KAZAA or any other file sharing program on it? etc... (I'd suggest having some fun and running with this one out of malicious mischief if nothing else)
5) How is this not harassment of the defendant and/or her family?
6) How can you positively completely 100% prove that any single computer ever possessed a specific IP address in the past?
Re:Conflict of interest (Score:5, Interesting)
It would take very little time for a competent person to do this, indeed to ridicule the RIAA position,I could take a couple of days with an average 10 year old would leave them able to do this, a smart 8 year old could do it in a morning.
Ask him if he's conducted a review of ISP logging s/w, as in read the source code, not as in sent an email asking if it was "OK". Would bet good money he hasn't. Actually the ISP's aren't likely to sayt their s/w is 100%. a) Because it's a lie which no one will believe
b) they don't know if it works, and don't care enough to check.
Ask him why the records sent by ISPs say in big letters words to the effect "we've no bloody idea if this record is accurate, hell we can't even get change of billing address right, or get the accounts to add up, you think we trust these records ? Dream on. We sent them because we don't want to go to jail, not because they are correct."
One question I'd ask him as an educator is
If you had a student that could not change this data to support the RIAA case, would he award them a good grade ?
Maybe follow up by asking him how many people have such training (my guess is that there are more people capable of this in the USA than firing a gun competently. Would you convict on the grounds that the prosecutor said "almost no one can shoot a target as small as a person at 25 metres" I would follow this pattern for any of the evidence produced by the RIAA
Get him to explain as their expert how it could be faked. When he claims something cannot, come to Slashdot, and I am very confident that not only can we find an "expert" who can fix it, but possibly more usefully a 13 year old with no formal CompSci education to demo how trivial it is.
There is no computer record used by ISPs or almost anyone else that cannot be faked if you have the password.
My background includes records stored by banks and a major government, and they use tapes and disks of the same brand and configuration as everyone else. Tedious, but not hard.
Even the access logs that record such changes are themselves very fragile, and are simply entries in a different easily malleable list, typically on the same system, and it's far from unknown for the access level required for the audit list to be reachable with the standard system admin password. This is the default for nearly all database systems. If his track record is accurate, then he will have the options of either admitting the evidence could be fake, or lying. Next question is to ask him the typical failure rate of IT systems. Ask him the difference between mission critical computing like you see on aircraft and medical systems and the famously buggy and bizarre scareware the utilities blunder with. Ask him if he'd convict a friend of a serious crime based upon ISP records.
No one with any integrity would do this. Then ask him what level of crime/penalty he'd accept. Good odds he'll pick music piracy. In particular it is important that you get him to acknowledge that the records say that this IP address matched an account, not a computer. This is very much not the same as saying "this computer did this". If you're lucky and this twerp does'nt read slashdot, he will say the MAC address unqiuely identifies a computer. One typically assumes this in many applications, but it is a standard documented function of many devices such as routers to take whatever MAC address you tell them.
Re:What Questions Would You Ask An RIAA 'Expert'? (Score:3, Interesting)
in addition regarding the ip address (Score:2, Interesting)
Re:Could the defendands computer have been hacked? (Score:1, Interesting)
This happened once on a Windows web server I had partial management responsibilities for. The ISP called us and asked us if we had uploaded several gigabytes worth of pirated video game files. Well, no, we didn't (this was used by police departments).
It turns out the machine had been hacked, and some script kiddies set up a rogue FTP server to allow downloads by their friends and others on the internet.
We had to reformat the machine to make sure we removed all traces of the attack (SOP when a machine is compromised), and re-installed Windows.
This was a web server, but the exact same sort of thing can happen on a home computer as well. In fact, there have been articles published that show that the median time between connecting an unpatched Windows machine to the internet with no firewall and the time it gets hacked is somewhere around 20 minutes! It's reasonable to say that probably about half of the Windows computers out there (if not more) have some sort of spyware, malware, or other hacks of some sort on them. In other words, many peoples' Windows computers are not entirely under their control at all, and in many cases remote attackers (usually in another country) have complete control over the user's computer.
Re:Conflict of interest (Score:1, Interesting)
That's an odd statement.
- It is probable that this is exactly why this case is going to court.
- The RIAA has done similar things in past (Motown v Nelson).
- IANAL but it seems that it never hurts to establish that the plaintiff is not credible.
Testing (Score:3, Interesting)
Good question, proving correctness, even for trivial software is an expensive task and the RIAA are penny pinchers.
If they do have test results then question what quality standards (eg: IEEE, CMM) were used to conduct the testing. Ask for past and present "bug lists" or anything else that displays the shakey nature of our chosen proffesion. Having a bug list can introduce doubt about the software, not having a bug list can introduce doubt about the QA.
I assume they have logs from the ISP, otherwise how the hell can they be sure it was her computer.
PS: I have noticed NYCL's informative posts on other slashdot stories, I hope he finds what he is looking for.
Re:"WTF?" (Score:2, Interesting)
Re:Excellent Questions (Score:3, Interesting)
The standard is a balance of the probabilities. That is, whatever the jury thinks most likely happened
This point has been made a lot in these comments and in theory it's absolutely right, but (as ever) theory and practice are different environments. Given a sympathetic jury (not an unlikely occurence) and the mis-matched resources of the plaintiff and defendant, substantial doubt might well be enough to tip the scales in many jurors minds.
Re:Excellent Questions (Score:1, Interesting)
It seems to me just as likely as not that, for any random defendant, his machine was a) hacked, b) used by someone else in some other manner, etc., or that c) the plaintiffs incompetently sued the wrong person, or d) deliberately faked evidence so as to sue someone, etc.
I mean, obviously, it depends on the specific circumstances facing each particular defendant, but these things aren't so cut and dry 51% in the plaintiff's favour.
One guy in this thread did an empirical survey of WAPs in his area, and most of them were wide open. Most of my friends who live in apartment buildings in reasonably large cities are using their neighbour's internet or have their neighbours using theirs. Most of them don't realize this may or may not be "wrong." Mostly it's a "hey! free internet!" epiphany.
Plus, there's the fact that just because there's a listing of files doesn't mean there were any actual cases of infringement. It should be trivial to show hundreds of different setups where things like firewalls, NAT, etc., actually prevents the sharing of files even though a listing of files or a hit on a search can be obtained.
You could also just put up a single machine with some files in it matching names of some RIAA music and watch how nobody connects to you most of the time, blah blah blah.
Throw in the fact that the defendant is a 95 year old who is going senile and has no idea how to even turn on the magic scary box and boom: people just don't believe she did it, on that basis alone.
So, yes, it's a lower standard than in criminal trials, but there are hundreds of equally likely scenarios for each and every defendant except the most unlucky as to be so clearly guilty that I don't know why you're always so confident we cannot prevail.
Juries are made up of us. It's irrelevant that courts and lawyers find the defendants to be unsympathetic. Judges and lawyers are not the finders of fact.
Re:A bit about Mr. Jacobson (Score:2, Interesting)