Print 60 comment(s) - last by khaydin.. on May 24 at 12:47 PM

  (Source: Kevin Pezzi)
Lack of technical knowledge plagued the court for years, allowing the RIAA to victimize citizens

Judge Harold Baker, a judge at the Central District Court of Illinois, has ruled that an internet protocol address does not necessarily mean a specific person, and thus can not be treated as such in a criminal or civil investigation.

I. IP Doth Not a Person Make

Technology professionals have long understood that IP addresses are closer to a zip code than a social security number.  Multiple people locally accessing or remotely funneling through a specific hotspot can share IP addresses.  In short, IP address offers little clue to a users' true identity.

Yet for years the Recording Industry Association of America (RIAA), along with its international peers, has been victimizing individuals into out of court settlements, because their IP address was found to be sharing copyrighted materials.  Some of these individuals didn't even have access to a computer, and in at least one case, the target of the RIAA complaint was a recently deceased elderly individual.

In court, the U.S. largely upheld IP logs as evidence in trials such as the cases against Jammie Thomas-Rassert and Joel Tenenbaum.

And recently, the U.S. Federal Bureau of Investigations (FBI) and its sister agencies have been conducting raids on suspected child pornography viewers based solely on IP logs -- with minimal background research.  In many cases these raids were later discovered to be case of mistaken identity -- but that discovery came too late for brutalized homeowners.

II.  The VPR Internationale Case

Judge Baker ruled against a Canadian adult film distributor in the case VPR Internationale v. Does 1-1017.  In the case, VPR Internationale sought court authorization to demand customer data from internet service providers.  

It had collected logs of IP addresses of users' illegally sharing its materials via bittorrent.  By obtaining the subscriber information associated with the specific account, it hoped to coerce the subscriber into a settlement ranging from hundreds of dollars to a few thousand dollars.  As there was 100,000 IPs implicated in its request, the company stood to make a multi-million dollar profit from the settlements.

But as it turns out Judge Baker rejected the request, pointing out that multiple users could share an IP and requesting information would violate the subscriber's privacy rights.  He said the court was not in the business of authorizing a "fishing expedition" at the consumers' expense.

In the ruling [Scribd], he writes, "Orin Kerr, a professor at George Washington University Law School, noted that whether you’re guilty or not, you look like a suspect. Could expedited discovery be used to wrest quick settlements, even from people who have done nothing wrong? .. [T]he embarrassment of public exposure might be too great, the legal system too daunting and expensive, for some to ask whether the plaintiff VPR has competent evidence to prove its case."

III. The Road Ahead

The issue of IP addresses as evidence has hardly been laid to rest, though the practice was dealt a major blow by the ruling.

Generally, only higher courts will rule against an existing precedent in the U.S.  So the question becomes when and if a higher court takes this issue up, will they come to the same conclusions?

The public in the U.S. will have to wait to see whether future justice follows the same logical, well-informed perspective of Judge Harold.

In the meantime, the ruling should prove tremendously valuable to those looking to defend themselves against the RIAA or other threatening parties.  Texas lawyer Robert Cashman, who has represented several individuals in scuffles regarding IP-related copyright claims, blogs, "We may have just seen the order that may end all future John Doe lawsuits."

Recent legal decisions have also cast doubt on entertainment industry organizations' claims that "making available" equated to file-sharing.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: More like a phone number than a zip code
By Gzus666 on 5/4/2011 4:29:47 PM , Rating: 5
No it isn't. To deal with the looming IP shortage of IPv4 and the Internet boom, they developed NAT. This translates one public IP at the gateway into tons of computers on the LAN. You can have wireless or wired devices on this LAN and no one on the outside has any idea the difference. You could run hundreds of computers out of your one IP address and no one would know which one did what based purely on the IP.

It is a good start with IP, you can trace it back to a gateway, but it doesn't trace it back to a specific device or person.

RE: More like a phone number than a zip code
By Fritzr on 5/4/2011 7:51:42 PM , Rating: 2
To explain the reasoning of the judge.
Assume the IP connects to a single modem attached to a single computer. Who was sitting in front of the computer? This is the case that the lawyers claim for all IP addresses while claiming that only the named subscriber has access to the computer.

The reality is that a router is connected to the modem and the house across the street and neighbors in 2 or 3 houses to either side can use the router. All of those will share the same IP address. A router in an apartment building has a much larger number of potential users. So which of 5+ physical addresses each housing multiple people belongs to the IP address? The lawyers argue that the subscriber is legally responsible for the actions of the neighbors. This judge says that the person committing the crime is responsible and would the lawyers please ID the individual and then try again.

The reality of the IP equivalent to phone number is correct, but today those phone numbers are still tied to the payphone in the apartment building lobby.

IPV6 will not solve this problem. Wireless routers will continue to firewall the connection concealing the number and identity of connections behind that firewall.

Even if the machine IP is statically allocated and identified. Who owns the computer and where is it physically located? A war driver for example need only to assign themselves an IP address on the private LAN when they log in to it. This applies to both unsecured and secured with broken password.

The current wireless password systems can be broken by a laptop in less than an hour so while securing your router is good, it will not stop those that take the time to learn how to break in.

RE: More like a phone number than a zip code
By Gzus666 on 5/4/2011 10:46:44 PM , Rating: 2
Probably don't need to explain basic networking to the network engineer, but OK.

You are incorrect, IPv6 allows everyone to have a real IP without NAT (it is NATing that conceals, not firewalling). In fact, with IPv4, every device was intended to have its own public IP until the boom. When they instituted NAT, they carved out private IP space and reserved it for that purpose.

Now, the reality is you can still use NAT with IPv6 and I'm unsure whether the residential ISPs will be implementing NAT or not. They might not since we have so many addresses and it would be easier for them to just set a static IP for you. Not to mention the usual pitfalls of NAT.

I agree with the judge though, you cannot verify the person using the IP.

RE: More like a phone number than a zip code
By eldakka on 5/5/2011 2:45:20 AM , Rating: 2
IPv6 allows everyone to have a real IP without NAT

There are other reasons for NATing. Such as security. Preventing those outside your network from obtaining your internal network topology, number of devices and so on.

It is essentially irrelevant whether or not ISPs do NATing of IPv6. When the internet moves fully to IPv6, whether or not ISPs do NATing, many organisations will continue to NAT for security purposes. I know I will.

RE: More like a phone number than a zip code
By Gzus666 on 5/5/2011 1:10:35 PM , Rating: 2
Yea, exactly like I said. You don't have to explain networking to me, especially when I addressed what you said. I clearly pointed out that the residential ISPs will likely do it that way, enterprise has their own CPE and admins, so they can do what they wish. There are benefits to not using NAT, especially in the SIP world, so you have to weigh the pros and cons as an organization obviously.

Clearly the concern of the article is home users.

By Azethoth on 5/5/2011 6:25:31 PM , Rating: 2
Bottom line it for me. I need to run a naked wireless router when doing illegal internets stuff so that I can blame random other peeps?

Also, if we get rid of NAT after ipv6 would that not help track down spamming bots?

RE: More like a phone number than a zip code
By Drag0nFire on 5/5/2011 12:39:14 PM , Rating: 2
I'm just playing devil's advocate here... this is not my personal view.

But couldn't one argue that regardless of whether the activity could be directly traced to a single computer, a crime has occurred at that location that merits further legal investigation? To me, this is akin to catching a license plate of a car fleeing the scene of the robbery. I can't prove that the owner of the car is the culprit, but I'm also never going to be able to catch the culprit without following that lead.

By khaydin on 5/24/2011 12:47:01 PM , Rating: 2
But how do you know it happened at that location? IP addresses can change. Here's a scenario:

Person 1 downloads movie.
RIAA finds out, records IP Address.
Person 1's IP Address changes due to being dynamic.
Person 2 get's Person 1's old IP Address.
RIAA goes after Person 2 when they should be going after Person 1.

"Death Is Very Likely The Single Best Invention Of Life" -- Steve Jobs

Most Popular ArticlesSmartphone Screen Protectors – What To Look For
September 21, 2016, 9:33 AM
UN Meeting to Tackle Antimicrobial Resistance
September 21, 2016, 9:52 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
Update: Problem-Free Galaxy Note7s CPSC Approved
September 22, 2016, 5:30 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki