Many ISPs use DHCP (Dynamic Host Configuration Protocol) to assign IP addresses to users. The way DHCP works is that when a user logs on, it takes an address from a pool of available addresses and assigns it to that user. The next user gets the next available address and so on, so that each user has a unique IP address. Whenever a user logs off, his address is released and goes back into the pool to be available for assignment to another user. Thus the same IP address might be assigned to a dozen or more different users through the course of a single day. It also means the same user gets a different IP address each time he logs on. Unless the RIAA has a record of the exact time they accessed someone’s computer, AND the ISP has an accurate record of who was logged on when, nobody has any idea exactly who was using that address when the alleged transaction took place, and the RIAA is just shooting in the dark, hoping to hit something. Anything.

Truth of the matter is, I doubt RIAA even does that much. My suspicion is, they just get a list of IP addresses and a list of users, pick a name at random, match it up with the IP address they recorded, and go get their subpoena. I can’t prove this, of course, but this is what it looks like, judging from what I’ve read on the sort of stuff that is going on with this racket.

look it up.

that’s whack.

There are three main legal systems in the world - the English, French and American ones. The English system is practically identical to the American system, but as time has passed the US legal system and the American language have both changed slightly. All in all not bad - but they are tiny pee stains on the boots of legal systems when compared to the French one. In France, this could never happen. And it hasn’t yet, and probably never will. We should all adopt it. You have your defense and your prosecution, your plaintiff and defendant (or equivalents thereof) and your Magistrate. Both sides present evidence to the Magistrate, and then the Magistrate makes his mind up based on who he thinks is right and the weight of evidence put before him. Both parties are entitled to the same level of legal representation, and practises such as those being entertained by the RIAA would be heavily frowned upon.

It really makes you stop and think about how many rights you really do have and how well you are being represented in Government when an RIAA bloke (who has no powers of search and seizure) can be given those powers on the spot by a Policeman, and then walk around confiscating any recordable media (ie DVD, CD, VHS - Betamax even) or any media that doesn’t have a legitimate label on it - you draw on a blank CD and they can take it from you. I’m sorry, but I must have been picking my nose when they decided to make Industry groups into legitimate independent mercenary organizations.

I am Australian, by the way, not French or American. I just know a little bit about law, and I like to keep up with these things. They affect us too, especially with the new FTA with the US. The Australian government agreed to a clause in the FTA which means that we will have to adopt the DMCA (christ!) and that whenever an ISP gets notified by ARIA/RIAA that a customer is downloading something naughty, the ISP has to disable the customer’s internet access, among numerous other things.

Someone do something, because I’m too lazy to. Please.

Evidently, RIAA uses this very weakness in the Kazza hashing system (”UUHash”) all the time to create bogus music files that look identical to the real ones. They already know the hashing algorithm is weak.

This isn’t how digital hashes are supposed to work, and basically invalidates the use of hashes to uniquely identify files on Kazza and other p2p programs that use the same network type (the “fastrack” network).

http://www.beatking.com/

Secondly, mp3-ID3-Tag-Information can be readily changed by anyone, which means it’s unreliable as evidence.

Thirdly, hashes can be duplicated if songs are ripped using the same software+settings.

All in all, this kind of evidence is highly volatile in identifying sources. The question is, does unreliable evidence have a place in court?

Now let’s say the RIAA could check a hash (like MD5) of the file and then compare that with the hash for similar files of the same track. It might be possible with enough research to work back to an original source or to get circumstantial evidence. This track with this hash was found here where it was definitely illegal. Now here it is over there as well. If you had free access to all the files, you could strip the tags and then check the hash so that you were just checking the sound part.

But this all presupposes some considerable ability to access the files either straight off the hard disk or by pieceing them together via a man-in-the-middle attack. So can they prove physical access to the full data?