p2p news / p2pnet: The members of the Big Four Organized Music cartel spare no expense in their bitter war against the ‘consumers’ whom, they claim, are thieves and criminals who “illegally” download music without paying for it.
This isn’t, however, a criminal matter, efforts by the cartel’s RIAA to elevate it to that level notwithstanding. It’s a civil one. And what’s at issue isn’t if someone’s broken a law it’s whether or not he or she has infringed a copyright, which is a very long way from “criminal” or “illegal”.
But this time the Big Four aren’t merely beating up on defenceless men, women and children who have no hope of matching their bottomless legal and financial resources.
Now the labels have You and the World Wide Web to contend with.
John Doe Number 8 one of the cartel’s more than 17,000 victims wants a court to throw out an RIAA ex parte discovery order filed in Atlantic Recording v Does 1-25. But the RIAA’s (Recording Industry Association of America) Jonathan Whitehead claims the metadata in John Doe Number 8′s shared files folder shows illegal copying took place.
JDN 8′s lawyer, Ray Beckerman, recently asked Zi Mei to check this out in detail.
Zi submitted an affidavit and now he’s asking you to give him a hand.
Hello p2pnet readers:
Many of you have been following developments on the RIAA lawsuits for a while here and at Ray Beckerman’s blog.
This time, we really need your help.
The RIAA has responded to my affidavit and I’m gathering research to put together a response that we need to send back to the courts by February 7.
This is a tight timeframe, so I’m calling on everyone to put on their thinking caps and contribute their thoughts on how we can fight this latest effort to misuse the American legal system.
Let’s pull together and make a difference.
Please post thoughts and comments here or on Ray’s blog http://tinyurl.com/9vejz.
And as he says on the blog, Recording Industry vs The People, “I’m just one guy, and I don’t have the unlimited time and financial resources that the RIAA most certainly does. In the true spirit of p2p and distributed computing, let’s put our brains together and fight these idiotic lawsuits. We’re a lot smarter than the RIAA’s hired goons, so let’s put on our thinking caps and end this attack on our freedoms.
“Most of all, let’s end this nightmare for dozens of the helpless people who are being sued.”
By way of back-ground, as we said an an earlier post on this, ‘ex parte’ means, “one side has communicated to the Court without the knowledge of the other parties to the suit,” says Beckerman in an earlier explanation of the way the RIAA identifies its victims. It’s, “very rarely permitted, since the American system of justice is premised upon an open system in which, whenever one side wants to communicate with the Court, it has to give prior notice to the other side, so that they too will have an opportunity to be heard,” he says.
But, Zi goes on in the document, the RIAA doesn’t even begin to explain how it manages to reach the cnclusion that the metadata are proof of copyright infringement.
And that’s not surprising, he says, “since there is no correlation whatsoever between (a) metadat in the files allegedly downloaded by the RIAA and (b) the origin of these files.”
He also emphasises that mp3 metadata are optional and may, or may not, be present in a file, and may or may not be accurate.
Since they’re aren’t part of the audio data, a computer or mp3 player can play files regardless of the existence or content of metatags, he says, also pointing out that literally anyone can create, edit or remove ID3/ID4 tags with software bundled with mp3 players, or any other easy to find applications.
“Simply put, there is no correlation between metadata in a file and the origin of the file,” states Zi in his document. “In no way can it be used as a tracking mechanism like a FEDEX or UPS tracking number.
“It certainly cannot be used to determine whether the files allegedly found on the defendants’ computers got there legally or illegally, since those files could have been downloaded from an authorized online service, or copied legally from commercially purchased audio CDs.
Zi also explains that moreover, hash files are equally useless as proof of wrong-doing.
On Recording Industry vs The People, IndieFeed’s Chris MacDonald posts:
I’m not so sure this is a technical question so much as an identification question. The metadata tag in question appears to be the “comments” field where ripping entities provide information about their software, or the individual who does the ripping. So to the extent that your collection has various and sundry comment “signatures” you could establish that the possessor of the file obtained the files from various and sundry sources, debunking any claim that the person lawfully transcoded the file from their cd to their own music management system. It’s an interesting argument but it would seem to make sense.
Larry Rosenstein says he agrees MacDonald.
Zi Mei describes the technical aspects of metadata, including that it is optional (does not affect playing the tracks) and easily modified.
It becomes a legal question whether having tracks with a lot of different metadata characteristics is proof of infringement.
An analogy might be someone who has a collection of books with hand-written notes in the margins, all with different handwriting. Is that proof that the books are stolen?
And jaded posts:
In his declaration, Messr Whitehead indicates that ‘Doe 8 is a user of the Limewire system’ and that ‘all of the Doe Defendants in this case are users of the Gnutella network’. This is interesting in light of the fact that all of the Exhibits associated with the original filing were screen-shots of Kazaa, which is not, from what I understand, a Gnutella network. It is its own network, I believe. This is an inconsistency that cannot be resolved with the material available, but does suggest there is some confusion on the part of the RIAA.
Beyond that, the User Log that is attached to the current declaration is a fabricated document (i.e., I do not believe that it is a report that can be readily produced by LimeWire, or probably even Kazaa). The only way that an association can be made between a users IP and the list of songs is to have a screen capture showing a download occurring from Doe 8 with Doe 8′s IP address and nickname clearly visible (ergo the comment above re the depiction of Kazaa screen captures in the initial filing). The other piece that would be needed is a screen capture that associates Doe 8′s nickname with the list of shared songs that are included in the attachment to the exhibit. I don’t believe that LimeWire even provides a way for a user to dump (i.e., print) a copy of what files they might have in their own share folder. Given that, there obviously would be no way to easily print, or capture, the files shared by another. If there is a utility that the RIAA agents have used to automate this, it has not been disclosed and subjected to scrutiny.
Beyond that, there is the issue of metadata (and the hash codes, which was not discussed in this declaration). There is certainly a wealth of circumstantial evidence that suggests that the files might have been obtained from other sources, but there is no conclusive evidence. All of the evidence points to the use of a Comment field that anyone can alter at will. Now, would anyone not associated with a particular web-site type that web-sites URL into a file’s ID3 comment field – one can only speculate. Is it possible – ABSOLUTELY. Anyone can do so.
There are, however, tell-tale markings that encoders do introduce into a file that serve to identify which encoder was used, but this is not metadata and only available by perusal of the binary file itself (there are some tools out there that attempt to do that – it’s not an exact science). One must have physical copies of the actual files to do this level of investigation.
What has not been shown, and would be a simple matter to do, is an indication of exactly which files it is that the RIAA had downloaded from that list (one would expect that this file would be the same file shown to be down-loaded from the above screen capture). If this file has none of the attributes that Messr Whitehead alludes to in his declaration, then nothing is proven. Absent that, all that exists is a listing that purports to represent a number of files that contain arbitrarily changeable metadata (for the most part – bit rate and length is not changeable, obviously).
But what is there to prove that an arbitrary file that the RIAA has is, in fact, the specific file that was downloaded by the RIAA agents? There will be a time-tag associated with the created file, but that is also something that can be readily altered. There is, in fact, NOTHING that can be used to show conclusively that any file that the RIAA might have in its possession came from the alleged Doe 8. Even the hash code, which presumably would be shown as being the same as others shared files could come from any one of those sources (or even fabricated, as discussed below).
WRT the hash code, as has been previously indicated and captured in Zi’s declaration, any rip/encode of a CD track with the same version of an encoder and quality setting (etc., etc.) should result in files with the same hash code. [I've not tried this myself, but am sufficiently intrigued to contemplate doing so.] Further, going to commonly available on-line metadata repositories would result in the same data being inserted as metadata which, once again, should result in the same hash code. Unique aspects of a files metadata, such as the Comment field discussed above, should also result in the same hash code if entered identically between the two files.
Says Zi in response (noting he’s replying without having had a lot of sleep ; )
Yes, Whitehead conspicuously switches to Limewire in this document whereas previous RIAA documents I responded to referred only to Kazaa. They consisted of several Kazaa screenshots and no screenshots of Limewire or any associated exhibits mentioning Limewire.
This time Whitehead specifically and conspicuously names Limewire, stating that “ALL” users in the suit were Limewire users. It is important to note that their long SHA-1 list is the same format as the list in the Kazaa affidavit, and presumably generated from the same software. They’re submitting this kind of list again now for Limewire. Doesn’t this contradict earlier statements, Ray? They showed screenshots of Kazaa, not Limewire, but now they’re attaching this “log”. This is an obvious bait and switch tactic and reveals that they know their Kazaa attempts were fruitless and unfounded, so they’re beginning anew with Limewire. Does anyone know what this is a “UserLog” of (item 5 in Whitehead)? A “log” has to be a log to something! I know Kazaa doesn’t produce logs like this, and am pretty sure that neither does Limewire or any p2p application, but I have not used Limewire in a long time. This looks like some unnamed and unknown mumbo-jumbo software the RIAA goons are using, the validity and accuracy of which needs to be examined. It is not produced by any software that I know. I stand with jaded in his assertion that it is fabricated by the RIAA and not produced by any p2p application.
Given that Whitehead’s earlier affidavit talks at length about Kazaa, but now he’s switched completely to Limewire, how can we be certain that these are not TWO SEPARATE individuals? First, he showed us Kazaa screenshots in an attempt show unlawful downloading (which is not true, since they are just files in a shared folder). Now he’s removed the screenshots and just left a SHA-1 list. No screenshots of Limewire are shown. Kazaa and Limewire are two completely different programs. This seems to be a clear case of misidentification. By way of an analogy, if I went to the police and said the burglar drove a white Ford Bronco one day, and then went back and said, no, it was a blue Honda Civic the next, they are not going to believe me. Whitehead simply says John Doe 8 is using Limewire, without presenting a screenshot or any evidence whatsoever. Where are these hundreds of files? I question their existence.
But more seriously, Whitehead deliberately chooses to ignore all of my questions regarding their investigative techniques and appeals to document their procedures. This lack of transparency to me and independent technical experts who are able to verify the veracity of their claims, or lack thereof, is not surprising. Their methods are unknown, so it cannot be determined whether they are scientific or not. They most likely are unscientific. Right now, it is just RIAA hocus pocus as to how they’ve obtained the defendant’s IP address in this case and all other cases. Given the highly inaccurate, reckless, and fallacious claims that the RIAA has brought against numerous innocent people (Sarah Ward [a 66 year old woman who uses a Mac-- there is no Mac version of Kazaa ], Candy Chan [a computer illiterate mom ], Gertrude Walton [a deceased 83 year old grandmother], mistaking a child’s Harry Potter book report as an illegal download, etc.), it behooves them to reveal the means through which they have identified John Doe 8, as it behooves the plaintiff in any case. The burden of proof has not been satisfied. Whitehead very deliberately avoids answering my probes as to how they got this IP address in the first place, so how can we be sure this is not another case of mistaken identity. Discussion on the extreme unreliability and inaccuracies of the metadata tags is moot until he can show definitive proof that this IP address is irrefutably accurate and properly ascertained, particularly when IP addresses are so easily spoofed, that many users use unprotected wireless networks, that ISP’s assign the same IP address over any given period of time to a number of different people, among other important technical facts. Basically, Whitehead is saying “we found this smoking gun, and it’s yours and you’re in a lot of trouble” without any proof and expects the courts to accept that at face value. To this date, my technical challenge remains unanswered and their process cannot
be verified by an network engineer or internet professional. They’re doing it all behind closed doors, and who knows what shenanigans they’re pulling. When so much is at stake for John Doe 8 and other defendants, this question cannot go unanswered. Given the RIAA’s awful record of getting things wrong, even basic facts such as whether an individual is even alive or not, we cannot trust them to be meticulous. The internet bountry hunters employed by the RIAA have an economic interest in identifying large numbers of people to sue and their carelessness is reflected in their work. The courts need to hold the RIAA to a higher standard instead of allowing them free reign to accuse and invade the privacy of users with these dangerous lawsuits.
Stay tuned, and if you have any thoughts you’d like passed on to Zi privately, please email me and I’ll make sure they reach him. And – post his request anywhere useful you can think of.