Wanted: p2p tech experts
p2p news / p2pnet: Ray Beckerman, a lawyer representing victims being sued by the Big Music cartel’s RIAA, is looking for technically savvy allies to help guide judges who may have been misled by RIAA evidence.
“There’s a crisis in this country with the RIAA’s reign of terror,” he told p2pnet. “The RIAA is bringing massive secret lawsuits against unnamed defendants – ‘John Does’ - who never even know they’ve been sued. These lawsuits wend their way through the courts on an ex parte basis, which means only one side - the RIAA - is represented.”
He’s posted a riddle for techies on Recording Industry vs The People, a web page which among other things carries documents relating to the growing number of appeals by RIAA (Recording Industry Association of America) victims.
In an RIAA case a federal judge said that a screen shot of defendant John Doe Number 7’s Kazaa shared files folder was enough to show copyright infringement because
“[RIAA] obtained “metadata” about the files that Doe No. 7 was disseminating, which often reveal who originally copied a particular sound recording from a CD to a computer disk (a process called “ripping”) and provide a type of digital fingerprint, called a “hash,” that can show whether two users obtained a file from the same source…. Using the metadata associated with the music filed that Doe No. 7 was offering for distribution on Kazaa, plaintiffs have determined that many sound recordings were ripped by different people using different brands of ripping software. Such information creates a strong inference that Doe No. 7 was not simply copying his or her own lawfully purchased CDs onto a computer, but had downloaded those files from other P2P users.”
Was the judge right or wrong?
The case was Elektra v. Does 1-9
Beckerman says judges are hearing things which, technically speaking, are simply not true and, “some of the judges may actually believe what they’re being told,” he says.
By the time a John or Jane Doe has been named by his or her ISP, and has been sued, “the judge has already been talking to the RIAA’s lawyers, in a complete vacuum, for several years,” says Beckerman, going on:
“I think it would be helpful, when I see an instance in which I think a judge may have been misled by the RIAA on technical issues, to present the judge’s findings to be vetted by the tech community.
“I believe the tech community is very much interested in these cases, is very alert to, and mindful of, the extreme danger these cases pose to freedom of expression, and to a climate of technological innovation, and is ready, willing, and able to help ensure that the courts proceed with integrity in these technical areas.”
Something you think we should know? tips[at]p2pnet.net
See:-
posted a riddle - A Puzzle for Techies: Did ‘Metadata’ and ‘Hash’ Show that Files were Copied?, October 22, 2005
October 24th, 2005 at 1:52 pm
Let’s say the RIAA could read the ID3 tags. And the tags had lots of comment entries like “A1 Ripping Crue!” and they were all different then they have a point. Whihc is why I routinely scrub the comment tag among others on my collection.
Now let’s say the RIAA could check a hash (like MD5) of the file and then compare that with the hash for similar files of the same track. It might be possible with enough research to work back to an original source or to get circumstantial evidence. This track with this hash was found here where it was definitely illegal. Now here it is over there as well. If you had free access to all the files, you could strip the tags and then check the hash so that you were just checking the sound part.
But this all presupposes some considerable ability to access the files either straight off the hard disk or by pieceing them together via a man-in-the-middle attack. So can they prove physical access to the full data?
October 24th, 2005 at 3:01 pm
There is no way they can tell the difference between an original and a perfect copy for start.
Secondly, mp3-ID3-Tag-Information can be readily changed by anyone, which means it’s unreliable as evidence.
Thirdly, hashes can be duplicated if songs are ripped using the same software+settings.
All in all, this kind of evidence is highly volatile in identifying sources. The question is, does unreliable evidence have a place in court?
October 24th, 2005 at 3:51 pm
The previous post is right on the money. That is no evidence
http://www.beatking.com/
October 24th, 2005 at 10:03 pm
Ray,
See the comment ‘anonymous’ just posted on your blog under this entry. Evidently, the hashing algorithm used by Kazza (and other p2p clients on the same network) is implemented in such a way that two very different files can easily have identical hashes, and in fact it’s trivial to deliberately create two files with the same hash.
Evidently, RIAA uses this very weakness in the Kazza hashing system (”UUHash”) all the time to create bogus music files that look identical to the real ones. They already know the hashing algorithm is weak.
This isn’t how digital hashes are supposed to work, and basically invalidates the use of hashes to uniquely identify files on Kazza and other p2p programs that use the same network type (the “fastrack” network).
October 24th, 2005 at 10:36 pm
even if there is evidence they were dl and not owned ripped copies why is that a crime? I myself have had to dl songs due to scratched cd’s.
October 25th, 2005 at 5:57 am
I am amazed simply by the fact that they are launching legal action against these people without their knowledge. In Australia, that can’t happen - you have to be served with a summons so that you have adequate time to organise proper legal representation. We use the English legal system.
There are three main legal systems in the world - the English, French and American ones. The English system is practically identical to the American system, but as time has passed the US legal system and the American language have both changed slightly. All in all not bad - but they are tiny pee stains on the boots of legal systems when compared to the French one. In France, this could never happen. And it hasn’t yet, and probably never will. We should all adopt it. You have your defense and your prosecution, your plaintiff and defendant (or equivalents thereof) and your Magistrate. Both sides present evidence to the Magistrate, and then the Magistrate makes his mind up based on who he thinks is right and the weight of evidence put before him. Both parties are entitled to the same level of legal representation, and practises such as those being entertained by the RIAA would be heavily frowned upon.
It really makes you stop and think about how many rights you really do have and how well you are being represented in Government when an RIAA bloke (who has no powers of search and seizure) can be given those powers on the spot by a Policeman, and then walk around confiscating any recordable media (ie DVD, CD, VHS - Betamax even) or any media that doesn’t have a legitimate label on it - you draw on a blank CD and they can take it from you. I’m sorry, but I must have been picking my nose when they decided to make Industry groups into legitimate independent mercenary organizations.
I am Australian, by the way, not French or American. I just know a little bit about law, and I like to keep up with these things. They affect us too, especially with the new FTA with the US. The Australian government agreed to a clause in the FTA which means that we will have to adopt the DMCA (christ!) and that whenever an ISP gets notified by ARIA/RIAA that a customer is downloading something naughty, the ISP has to disable the customer’s internet access, among numerous other things.
Someone do something, because I’m too lazy to. Please.
October 25th, 2005 at 1:14 pm
isn’t it true that in france, a person is considered guilty until proven innocent in a court?
that’s whack.
October 25th, 2005 at 3:04 pm
I highly doubt that.
October 25th, 2005 at 3:16 pm
i remember this being a big issue during the trials of the photographers “involved” with Princess Diana’s death.
look it up.
October 26th, 2005 at 2:06 pm
It’s not exactly “presumption of guilt” but check Wikipedia for a brief run down on the inquisitorial system: http://en.wikipedia.org/wiki/Inquisitorial_system
October 29th, 2005 at 7:24 pm
The RIAA says it uses IP addresses to identify violators. But there is one big problem with this: DHCP.
Many ISPs use DHCP (Dynamic Host Configuration Protocol) to assign IP addresses to users. The way DHCP works is that when a user logs on, it takes an address from a pool of available addresses and assigns it to that user. The next user gets the next available address and so on, so that each user has a unique IP address. Whenever a user logs off, his address is released and goes back into the pool to be available for assignment to another user. Thus the same IP address might be assigned to a dozen or more different users through the course of a single day. It also means the same user gets a different IP address each time he logs on. Unless the RIAA has a record of the exact time they accessed someone’s computer, AND the ISP has an accurate record of who was logged on when, nobody has any idea exactly who was using that address when the alleged transaction took place, and the RIAA is just shooting in the dark, hoping to hit something. Anything.
Truth of the matter is, I doubt RIAA even does that much. My suspicion is, they just get a list of IP addresses and a list of users, pick a name at random, match it up with the IP address they recorded, and go get their subpoena. I can’t prove this, of course, but this is what it looks like, judging from what I’ve read on the sort of stuff that is going on with this racket.