Forgot your password?
typodupeerror
Software Government The Courts News Your Rights Online

RIAA's 'Expert' Witness Testimony Now Online 512

Posted by Zonk
from the hole-in-the-argument dept.
NewYorkCountryLawyer writes "The online community now has an opportunity to see the fruits of its labor. Back in December, the Slashdot ('What Questions Would You Ask an RIAA Expert?') and Groklaw ('Another Lawyer Would Like to Pick Your Brain, Please') communities were asked for their input on possible questions to pose to the RIAA's 'expert'. Dr. Doug Jacobson of Iowa State University, was scheduled to be deposed in February in UMG v. Lindor, for the first time in any RIAA case. Ms. Lindor's lawyers were flooded with about 1400 responses. The deposition of Dr. Jacobson went forward on February 23, 2007, and the transcript is now available online (pdf) (ascii). Ray Beckerman, one of Ms. Lindor's attorneys, had this comment: 'We are deeply grateful to the community for reviewing our request, for giving us thoughts and ideas, and for reviewing other readers' responses. Now I ask the tech community to review this all-important transcript, and bear witness to the shoddy investigation and junk science upon which the RIAA has based its litigation war against the people. The computer scientists among you will be astounded that the RIAA has been permitted to burden our court system with cases based upon such arrant and careless nonsense.'"
This discussion has been archived. No new comments can be posted.

RIAA's 'Expert' Witness Testimony Now Online

Comments Filter:
  • 14 MR. BECKERMAN: I would like to mark as Exhibit 3 a two-page article dated April 19, 2004 by David Chappelle entitled "Newest PacketHound release eliminates illegal trading of copyrighted files."

    Oh man, even Chappelle is going over to The Dark Side. That is *not* funny, Dave.

    [/humour]
    • by Brian Gordon (987471) on Saturday March 03, 2007 @10:50PM (#18222698)
      This is not an option nigger, share the file or we have a problem.
  • by Raul654 (453029) on Saturday March 03, 2007 @09:52PM (#18222378) Homepage
    I saw something in the transcript that I wanted to point out before anyone else here criticizes Jacobson on it:

    Q. By what body are you certified as an engineer?
    A. By no professional society.
    Q. No professional society? Is there any organization that has certified you as an engineer?
    A. No.
    Q. Are you part of any peer regulatory body?
    A. I don't quite understand what you mean by --
    Q. Are you part of any body the members of which are peer-regulated?
    A. Can you give me an example of what you are --
    Q. A lawyer, an architect, an accountant. I thought an engineer had to be certified by a peer-regulated body.
    A. To be called a professional engineer they do.
    Q. So are you not a professional engineer?
    A. I do not have a PE license.

    Based on his Jacobson's research page [iastate.edu]. It looks like Jacob's, a professor "on the faculty of Electrical and Computer Engineering", is a computer engineer. Given that, the above statement is totally understandable As a computer engineer myself, I can say that it is *EXTREMELY* rare for a computer engineer to be a licensed PE. (Not a single computer engineering professor in my University is). PE's are common in engineering professions where somebody needs to sign off on the final product - civil engineering especially, and mechanical engineering to a lesser extent.
    • by Cassini2 (956052) on Saturday March 03, 2007 @10:05PM (#18222448)
      I'm a Computer Engineer and a Professional Engineer. If I testify in legal proceedings, I am required to adhere to specific professional standards. My certifying body takes our legal obligations fairly seriously. A customer would be wise to hire properly licensed engineers for matters involving legal responsibility and/or large contracts. Amongst other requirements, licensed engineering firms require liability insurance, so if things go bad, the customer has some recourse. We also have ethical standards constraining what we can say or do.
      • Such as testifying as an expert witness in judicial proceedings in which one party is seeking to recover tens of thousands of dollars?
        • by Cassini2 (956052) on Saturday March 03, 2007 @11:39PM (#18222982)

          I would expect my licensing body would get annoyed with me if I spent "45 minutes" (Page 54) drafting a report that was used as part of litigation. They expect that Professional Engineers check our facts so as not to mislead a jury. This avoids sequences of questions like that from Page 42, where the witness essentially admits:

          a) he did not look for alternative explanations,

          b) he did not check how accurate his findings were (potential rate of error),

          c) he has no standards or controls,

          d) he is not using published methods accepted by the scientific community, and

          e) has no way of determining if the information given to him was correct.

          It is considered a substantial problem if a Professional Engineer misleads a jury, as it can pervert justice. As such, it is very important for the legal duties be taken seriously and with the required standards of care.

      • by davidwr (791652)
        As a Software Engineer who does not have a PE, I'm curious as to what areas of software require a PE?

        About the only ones I can think of are in control systems, particularly where a failure could cause loss of life or serious injury. The computers that control an automobile engine and brakes come to mind. "Secondary" systems which provide life-saving information, such computers in aircraft-control towers, might also require a PE's blessing, but this seems like a stretch.

        Are there any software engineers out
        • by Raul654 (453029)
          I'm almost certain that the NSPE, the main (only?) engineering licensing body, does not offer licensure to software engineers. As a computer engineer, when I took the FE exam (the exam you have to pass before you can take the PE exam and become a professional engineer), I had to take it in electrical engineering, because they have no separate computer engineering exam. And having a software engineer take it would be throwing him to the wolves - the electrical-engineering specific section is REALLY FUCKING H
      • a joke (Score:3, Insightful)

        by acidrain (35064)

        A scientist, an engineer and a programmer are on a road trip. Their car goes out of control on a steep hill and they barely make it to the bottom alive.

        The scientist tries to calculate the distance to the nearest repair shop, the engineer suggests checking the wiring and brake pads, and the programmer suggests driving to the top and seeing if it happens again.

        My point? Programmers and engineers are different. The best way to solve their problems is different. I trust this CTO more because he doesn't h

    • by Anonymous Coward
      "Q. Are you part of any peer regulatory body?
      A. I don't quite understand what you mean by --"

      A professor is part of a "peer-regulated" body. He may not be able to call himself an engineer, but that doesn't mean he's not an expert.
      • by lawpoop (604919)
        It doesn't mean that he's not an expert, but it does mean that there's nothing really keeping him honest in the courtroom, other than his reputation. He could have sold out to the RIAA.

        If you are a PE and you build a bridge wrong, you could lose your license, thus your livelihood, and even be thrown in jail. If Jacobson describes what he is capable of knowing about P2P filesharing that's not entirely accurate, what exactly does he suffer? Might that be outweighed by whatever compensation he was getting fro
    • by lawpoop (604919)
      True, the fact that he is not licensed does not mean that he is outside of his realm of expertise. The fact that he is not licensed sort of means that if he is caught lying or doing a shitty job, the only thing he loses is his reputation and standing.

      He could have totally sold out to the RIAA and developed a bogus, faulty, or ambiguous method of identifying file-sharers. If he belonged to a professional organization, he would be legally responsible for his work. As it stands, he is not.

      Professors are
    • by mollymoo (202721) on Saturday March 03, 2007 @10:31PM (#18222584) Journal

      As a computer engineer myself, I can say that it is *EXTREMELY* rare for a computer engineer to be a licensed PE.

      Way off-topic, but programming desperately needs the kind of accountability and professionalism that 'real' engineering has. We're around where engineering was 100 years ago just now, with a hundred different screw threads and steam engines which explode in your face. 'software engineering' may be an academic discipline, but 'professional' (in their execution) software engineers are few and far between and professionally engineered software is rarer still. The lawyer is making a valid point.

      Before you ask, I am a professional (it's my job) programmer. I'd love to be an engineer. I'd love to work somewhere where those kind of standards were applied. I'd get a CS degree (mine is in Physics), but those programmers I've worked with who have CS degrees don't seem much more engineer-like in their application than those without. Too much hacking, not enough engineering. Perhaps civil engineers would be the same if every bridge had "this bridge comes with no warranty, either express or implied" written into the contract.

      • by Raul654 (453029) on Saturday March 03, 2007 @10:36PM (#18222620) Homepage
        As far as licensing, one of the turning points happened when a school in Texas blew up as a result of faulty engineering. Public outcry caused them to pass the strictest engineering accountability standards in the nation. (IANAL - if you are are not an NSPE licensed engineer, but your business card calls you an engineer, and you happen to be passing through Texas, DO NOT put your business card in any of those put-your-business-card-in-here-to-win-something fishbowls. I've been told people have been prosecuted for this under the licensing laws)
      • programming desperately needs the kind of accountability and professionalism that 'real' engineering has.

        So would a PE software engineer lose his license if he made software with numerous bugs? Can software engineers really be held to the same level of accountability as structural engineers? I thought it was near on impossible to write error free software these days. What criteria would you use for standards?
        • by Runefox (905204)
          Structural faults in buildings are also something that is unavoidable, though the utmost of care is taken to ensure it doesn't happen, both before and after construction. Therefore, such an engineer on the software side would be responsible for ensuring that software is relatively bug-free and well-tested, and to ensure that any bugs found are swiftly and effectively squashed.
        • Re: (Score:3, Informative)

          by Dun Malg (230075)

          So would a PE software engineer lose his license if he made software with numerous bugs?

          No, not so long as the bugs a) weren't serious in their consequences, and b) the system failed gracefully without seriously damaging any data. Just the same as a professional structural engineer. If (for example) the construction crew slightly screws up the sand mix in the concrete in one section, it is expected of the engineer to have spec'd the building such that it won't simply collapse as a result. Engineering is often about planning for bad things to happen and mitigating the effects by design.

    • The FE Exam (Score:5, Informative)

      by dj245 (732906) on Saturday March 03, 2007 @11:02PM (#18222758) Homepage
      I'm currently studying for the spring Fundamentals of Engineering exam (FE). After taking this exam and working in the field of engineering for 5 years, you can take the Professional Engineering (PE) exam. Its not the easiest test in the world, and its a big pain in the arse. That said, I think a computer science student would have a particularly hard time with it. The morning session (general) is composed of several subjects including chemistry, strengths of materials, physics, thermodynamics, fluid mechanics, a small ethics session, etc. Basically all engineering knowledge known up to 1935, updated to the modern day. Everyone has to take the general session, and I think Comp sci students would struggle with it.

      The afternoon session is a choice between mechanical, electrical, civil, (chemical?) engineering. I think maybe comp sci students could take the electrical and do fairly well on this half. The PE exams are very similar (identical?) to the FE exams, but it has been 5 years since you have been in a classroom so they are considered harder just for this reason.

      As for the term "Computer Engineer"; in the 1800s a group of very smart men began doing different things with Natural Philosophy. They were so different that they thought they needed a new title for what they did to separate themselves from the natural philosophers. Eventually they went with the title "scientists". Perhaps a new title is needed for "computer engineers" because it doesn't seem to fit very well.
      • by Raul654 (453029)
        (A) Yes, they have chemical engineering.

        (B) As someone who took the FE electrical engineering exam, I can tell you that I seriously doubt more than tiny fraction of computer science students could pass the electrical engineering section-specific exam.

        The morning section (general engineering) is relatively easy, especially if you have a well-rounded engineering background (I knew enough about steel composition from quiz bowl [wikipedia.org] to answer that mechanical engineering question in the morning section, for example.
    • In Oregon you have to have a PE to have the word 'Engineer' in your title, or to call yourself one.

    • Re: (Score:3, Insightful)

      by Yvanhoe (564877)
      I would also say that I don't really understand the tone of the /. post here. I have read half of the 143 pages and I must say Jacobson has made patient and correct statements all the way of the interview. It must have been really frustrating explaining how MAC and IP address work to a lawyer.
      • Re: (Score:3, Insightful)

        It's not a question of how patient he was, or how frustrating it was for him, or how ignorant I am of technical things. It's a question of a man purporting to giving "expert" opinions which are not based on any verifiable methodology worthy of being used in a court of law to support someone's claim against another person for tens of thousands of dollars.

        You shouldn't be feeling sorry for him, you should feel sorry for his thousands of victims.

        He had a choice of whether to accept an assignment he was not qu

  • Respect (Score:5, Interesting)

    by lightversusdark (922292) on Saturday March 03, 2007 @09:53PM (#18222396) Journal
    Respect to you Ray.
    I've seen you take a lot of flack for your efforts to keep us all abreast of the proceedings, of issues that should concern us all.
    And it's nice to see that the community could have been of help.
    All the best.
    • Thank you, light.

      (You don't mind if I call you by your first name, do you?)

      • Haha.

        Smart, funny, and respectable? Are you sure you're a lawyer?

        If I'm ever in (yourtown) I'm going to have to buy you a beer.
        • If I'm ever in (yourtown) I'm going to have to buy you a beer.

          I think Ray is owed a whole pitcher at least, and I'd be the first to buy him one and share it over some laughts.

  • Does someone want to summarize that deposition before I die of lawyer-speak overdose?
    • by mikelieman (35628)
      You really do need to read it to savor it properly. The "Ok, Demonstrate it." part is going to be a classic.

    • Does someone want to summarize that deposition before I die of lawyer-speak overdose?

      The expert found nothing incriminating, and the RIAA therefore maintains they were given the wrong hard drive. Now go have a beer.

    • Re:You wha? (Score:4, Informative)

      by Anonymous Coward on Sunday March 04, 2007 @12:29AM (#18223440)
      As I interpret it, the summary is that the guy inspecting the hard drive appeared to have no formal qualifications, his methods were not peer reviewed, he was unaware of the exact methods and procedures of the software he had been using to identify the user or examine the hard drive, he could not testify that although media appeared to be shared it had actually been downloaded by any person (other than the software looking for copyright material), although he examined the disk he didn't actually document any of his findings, that he was not aware if the time of IP address allocation and the IP address to account lookup that Verizon did was actually correlated/synchronized, that he was unaware of Verizons' procedure for looking up such data and if it was free of human and/or mechanical errors, that he didn't know what the IP allocation time was or how many times this dynamic IP address had been allocated that day, that he himself teaches classes involving spoofing, that there were 3 user accounts on the hard drive that he examined, and that, assuming the information from Verizon was accurate, he had no way to actually show which particular person had been using the computer. Further, he conceded that it was possible to compromise and control a computer remotely over the Internet, and that he had not investigated if this had actually occurred. A document was also referred to in which it was shown that P2P applications often scan users hard drives and share media on installation, and many P2P users are not aware of which files on their computer are shared, even when their whole drive may be shared, including personal documents. It was also stated that P2P applications can run in the background, e.g. in the system tray, perhaps without the users knowledge.

      There was some tenuous discussion of how MAC addresses are used (to which I am not certain I completely agree, but I'm not an expert), and again on how the correlation of two address fields in a Kazaa packet shows that the computer was connected directly to the Internet and not through a router. Again, there was nothing to show that the computer connected to the Internet at the time actually belonged to the Verizon account holder, because no MAC address was recorded and in fact he didn't have access to anything except the hard drive (although personally I would expect Windows records this in the registry, which he did examine and didn't document). In any case, he did say that MAC addresses could be spoofed.

      Most interesting for me was that as the examiner, he had been asked purely to find out if Kazaa and MP3 files were present, and he seemed to followed that direction, failing to look for any materials (e.g. malware, remote control apps, etc.) that could possibly have assisted the defense.

      HTH
  • Zzzzz... (Score:2, Funny)

    by Frosty Piss (770223)
    Maybe someone kan point out the juicy tid-bits. I'm up to page 20, and I'm falling asleep.
    • Re: (Score:3, Funny)

      by Quantam (870027)
      Ughhh. I'm up to 40 and reading. This is like a Mongolian [wikipedia.org] version of Law and Order.
  • Some "expert"! (Score:4, Insightful)

    by Coopjust (872796) on Saturday March 03, 2007 @10:36PM (#18222614)
    This guy comes to the conclusion that it was the defendant's computer, even though there is no evidence from hard drive forensics, and he says there is no wireless router since the IP was registered to the house.

    Also, he kept no records of the forensic analysis, and he is always trying to pin the idea that an IP address is a computer, even though it's obvious he's avoiding or twisting questions, even to someone who isn't so technically inclined.
    • Re: (Score:3, Insightful)

      by geoskd (321194)

      Also, he kept no records of the forensic analysis, and he is always trying to pin the idea that an IP address is a computer, even though it's obvious he's avoiding or twisting questions, even to someone who isn't so technically inclined.

      I feel bad for the guy. Yes, he sold his soul to the mafiaa, but internetworking is difficult enough to explain to someone with some background in IT. This deposition is exactly the same kind of thing you would get if a lawyer had to explain tax law to a computer engineer, with the added benefit that the Q/A process is an exceptuionally difficult way to go about educating someone on how this crap actualy works. The long and the short is that The guy can demonstrate that the machine that was running KaZa

      • Re:Some "expert"! (Score:5, Interesting)

        by Coopjust (872796) on Sunday March 04, 2007 @01:25AM (#18223868)
        He tried very hard not to say that it is always true because it isn't. That is why the lawyer (who clearly doesn't understand internetworking, but had a list of "gothchas") couldn't pin him down to anything.

        While you may be right that the alledged KaZaa packets would support that idea, the main problem is that the RIAA expert has *no* way to verify any of his claims.

        -He failed to document his forensics- which he believes is not necessary and any other professional would consider "OK". (Riiiight).
        -He claims to be an expert on MediaSentry, but doesn't know enough about the program to discuss about potential bugs, the way it works, whether or not it has the ability to be wrong, etc.
        -He tries to claim that the evidence proves his case, admits any screenshot can be manipulated, and proceeds to describe how it proves it.
        -He admits the forensics, on the entire drive, found *nothing* that would suggest that there were illicit files, much less KaZaa.
        -He admits that there was no verification that what Verizon produced was true.

        His testimony is full of holes...
  • Why is it that Mr. Gabriel is constantly making an objection to form when the judge just keeps denying him with a lack of foundation? Is it a case of throwing enough shit that some will stick?
  • IPV6 (Score:5, Insightful)

    by Nom du Keyboard (633989) on Saturday March 03, 2007 @10:45PM (#18222668)
    There's a spot down in there where the RIAA expert refers to IPV6, and this refers to 2004. That alone should get him laughed out of the tech community.

    Not to mention that he maintains he can trace the IP address back to a specific ISP account and computer (emphasis mine). Unless he's a Peeping Tom with a web-cam in the defendant's house, the RIAA should be demanding their money back from him.

    Oh, and then there's the place where he maintains that at the time the computer was imaged many months afterwards, that there was no wireless router in use at that time Media Sentry "discovered" this "infringer". Is there a log that keeps records of every IP address you've ever connected with?

    And I have to laugh at how he refers to "registered" computers. I thought he was talking about gun registration, or some such thing. I've never heard of my own computer being "registered" to anything. Is this another invented RIAA term, like "Media Distribution System"? Has anyone else ever referred to KaZaA, or any other P2P program, as an MDS? Ray, you can't be letting the RIAA frame the terms of the debate to ignorant Judges.

    And don't miss the parts where he says he didn't actually document any of his findings because there was nothing to find, however, you should go through your own copy of the disc to verify my Registry findings that no wireless router was in place. He's supposed to be the expert, and he wants the defense to replicate his findings in the Registry??? Are there any registry experts here? Probably a few, but not many. But he assures us it's there.

    Biggest thing is that he says that no KaZaA was present, nor any infringing music files. The only way the RIAA can respond is you sent us the wrong hard drive. No question that the person in question might have actually been innocent. RIAA -- You Bastards!

    Glad to know that we helped, Ray! Keep fighting the good fight!

    • Thanks, Nom. Yep you picked out some of the many goodies. It was a very fertile outing. I've only had it for a day, and have already cited it in another case [blogspot.com]. Lawyers defending RIAA victims are going to have some fun with it.
    • Re: (Score:3, Informative)

      by Quantam (870027)
      I gotta say that at least based on probability, I have to go with the RIAA on the matter of whether there was a NAT. The internal/external IP address match is significant; not bullet-proof (it can be spoofed), but probability does suggest that there was no NAT in this instance. Besides that, someone with the knowledge to spoof that would have a reason for doing it; if you can think of a reason somebody would spoof it in that particular way (apart from trying to intentionally incriminate innocent people), fe
  • by b3gr33n (1071090) on Saturday March 03, 2007 @10:53PM (#18222712)
    The RIAA lobbyists have been a busy lot. On Friday, they got the Copyright Review Board to grant them a fee based system that will essentially shut down the majority of small Internet Radio stations. Way to go boys. Bring on that corporate commercial media. http://www.radioparadise.com/ [radioparadise.com] http://www.save-internet-radio.com/2007/03/02/save -internet-radio/ [save-internet-radio.com]
  • If you have a wireless router, anyone could be sharing files on your network. Even with encryption and MAC filtering, a determined outsider could use your network (they probably would just use one of the "Linksys" SSIDs in the neighborhood instead). The term "war driving" was never brought up, stealing wireless access happens enough to have its own term. Most routers come out of the box without encryption (I don't recall one that does). Non-technical people are just happy their "Internet Explorer works"

    • by bendodge (998616)
      The Linksys WRT54G does. It has this "Secure Easy Setup" button on the front that trashes your wireless configuration when you press it. (I think you have to connect it to other devices with the same button and then press them all.)

      But hey, it's out-of-the-box encryption.
  • Damn (Score:3, Interesting)

    by Kythe (4779) on Saturday March 03, 2007 @11:01PM (#18222748)
    I knew Doug Jacobson when I was an engineering student at ISU. He seemed like a decent and knowledgeable guy, very interested in computer security.

    I'm very sorry to see he's come to this.
    • Re:Damn (Score:5, Insightful)

      I think many of his students will be appalled at the actual contents of his testimony.

      For example, he teaches a course in "Information Warfare", the entire thrust of which is that the internet is dangerous and insecure in the extreme. He teaches students all about the infinite numbers of vulnerabilities.

      Then he testifies that he forms an opinion in 45 minutes based upon some printouts from an investigator who pulled down some screenshots from the internet.... with no verification whatsoever.

      And that he's give about 200 such opinions. And so far, 200 out of 200 concluded, without reservation, that there was indeed copyright infringement.

      What kind of grade would he issue to a student who handed in work like that?

      • Re:Damn (Score:4, Insightful)

        by violet16 (700870) on Sunday March 04, 2007 @04:54AM (#18224836)
        I'm not especially techy, but it seems that the general opinion here is much harsher on Jacobson than is really warranted. Obviously most of us here think he's on the wrong side of an important fight, but we need to actually address what he says, not dismiss him because we think he sucks.

        The on-topic +5 posts here seem very biased to me. They are insulting towards Jacobsen but fail to identify anything like an actual error in anything he says. The general opinion as to why he's wrong seems to be (a) the RIAA could have faked their screenshots, (b) the application could have been custom-hacked to lie about its private IP address, (c) Jacobson doesn't know exactly how the sniffer technology works. Which is all true. But it's quite unlikely that the RIAA is faking up screenshots so they can accuse completely random people of illegal file sharing, or that the accused custom-hacked their Kazaa client, or that the sniffer tech is totally bogus.

        If you're accused of illegal file sharing and you're innocent, I'd imagine plausible reasons why are:
        (a) They identified the infringer's IP address correctly but are mistaken in thinking it was assigned to you during the relevant time window; or
        (b) The infringement did take place on your IP address but you have an unsecured network (ideally a wireless router) and god knows who did it; or
        (c) The infringement did take place on your computer but several people use that and who knows which of them did it.

        Unless Verizon screwed up, (a) seems out. And despite what Ray seems hell-bent on establishing, so does (b), given the public IP/private IP match. That strongly suggests it was indeed a single computer with a direct connection to the internet. Now, I know it's not 100% proof. But it seems to be quite likely, and I'd think it certainly sounds plausible to a judge.

        Now please correct me if and where I'm wrong! Can we actually find something Jacobson said that's plainly wrong, and not just possibly wrong under unlikely circumstances?
        • Re: (Score:3, Insightful)

          They're not biased, violet.... They're just pointing out the glaring technical deficiencies and fallacies in Dr. Jacobson's "opinions", and the absence of any proper methodology used by him in arriving at them. I'm not especially techy either, Violet, but this thread is really one for the techies. People like you and I need to step aside and let the tech community vet Dr. Jacobson's "methods". He himself admits he has never published them, or tested them, in any way. We need to let the tech community do its
        • Re: (Score:3, Insightful)

          by Compholio (770966)

          (a) They identified the infringer's IP address correctly but are mistaken in thinking it was assigned to you during the relevant time window; or

          This is more complicated than you make it out to be - just because your ISP assigns you an IP address doesn't mean you have to use it. You can very easily spoof someone else's IP, and if you were up to something inappropriate (say, a huge file sharer) you might want to do that. Before you move on and say "but then you can check the MAC address", you can change yo

  • IP Addresses (Score:2, Interesting)

    by l2718 (514756)
    Dear Mr. Beckerman, It seems that you misunderstood one point about IP addresses and NATs, which led to a lot of time wasted in the deposition. In a situation where the user's computer hides behind a NAT, it will still have an IP address on the local network (the one on which the user's computer and the NAT reside). The NAT will have two IP addresses (one on the local network and one on the global internet). In this setup, the IP address space on the local network is completely independent of the IP addr
  • What a joke (Score:3, Interesting)

    by Stevecrox (962208) on Saturday March 03, 2007 @11:28PM (#18222900) Journal
    After reading that all I can see if the guy evading the question, flat out denying truths, agreeing with them in limited fashions, constantly playing dumb. His investigation methods are borderline incompetent, after reading that huge PDF I could only say he should not be allowed to be a whitness in any case I mean I'm a third year computer engineering student most of my course emphasis has been on networking and hardware rather than this sort of thing but I can see huge holes in his logic.

    1.Doesn't verify his sources Beckermans point about "are mediasomethigns and verizons clock synchronised" is a good one espeacially when you consider his point about the nature of IP address's, at the very least he should have requested the lease time of that IP (so when did the subscriber start using the IP and for how long) to verify that the information had a chance of being correct.

    2.No set method, the lack of reports and the fact he never made print outs suggests he doesn't have a set method of investigating, which personnally would make me question his investigation techniques this results in a whole list of problems:
    2a.means no evidence supporting the defendent was kept, in effect his not impartial and also hurts the defense 2b.suggests he makes it up as he goes along, a "what seems a good idea at the time", as you can clearly see he's missed out on some issues which are important, like confirming the MAC address of the machine and its method of connecting to the internet.

    3.Deliberate attempts to twist what hes saying or not sticking to the question an example would be towards the end where he starts talking about IPV4 and finishs with IPV6. I don't know how either works exactly but he should have talked about both seperatly, the use of both at once means he could be dilibertly hiding stuff, when was IPV6 rolled out anyways? Anouther example would be his linking IP address's directly to a PC, no matter how many times Beckerman tried to get him to admit that when accessed through a router the IP address given to the outside world is the routers not the individual PC's. 4.Lack of actual investigation, now I'm not sure what he was exactly hired to do but by the looks of it RIAA hired him to prove and be a whitness to say that a person used Kaza to download and share music. Hes not done that, hes investigated the drive he was sent found no traces of Kaza on it, or any MP3's (I think he indirectly said this) rather than investigate possible explanations for this, for example did the person own two pc's, did they connect to the internet through a router, could this router have been compromised (perhaps unsecured), perhaps then look for security vulnerabilities to see if it was a zombie machine, or for other security problems. Then if he couldn't prove any of that attempt to verify that mediashares information was correct, check it and check verizons and then attempt to co-oberate that information somehow, for example attempt to obtain the MAC address from the hard drive and from mediashares packet information in otherwords to link them up. Otherwise all he can actually claim is that "The pc in question when inspected did not have the Kazaa program on it at any time, nor does it appeared to have or have had the media files that mediasomething accuse the computer of having" His conclusions from his investigation lack any form of imparitality and it appears that he was unwilling to give any real unbiased opinion.

    personnaly after reading that disposition I would seriously call into credibility as a expert or even as a whitness. I'm sure better people than I could take apart his disposition its 3am here I'm tired but those are the things that come to my mind at least
  • by cojsl (694820) on Saturday March 03, 2007 @11:37PM (#18222964) Homepage
    From p. 88:
    Q. But you don't know whose computer it actually was, do you?
    A. No.
    Q. But your report said it was defendant's computer, so I think you will agree that that's an imprecision in your report.
  • by violet16 (700870) on Saturday March 03, 2007 @11:40PM (#18222994)

    A few unhelpful observations.

    This is my first real-life encounter with a deposition, and I've gotta say it's quite fascinating. I like how the opposing lawyer relentlessly objects to nearly every single question. And how Mr. Beckerman's first goal seems to be to show that the "expert" has a financial interest in what he's been claiming, coupled with that expert's bizarre claims that he doesn't have the foggiest idea about the commercial reality surrounding his work. For example:

    A. Our company worked with Audible Magic to develop a product to stop peer-to-peer traffic as identified by Audible Magic's proprietary code.
    Q. And you are testifying here today that you have no idea how the RIAA reacted to this work that you are doing?
    A. That's correct.
    Q. Have the press releases issued by Palisade Systems referred to the RIAA?
    MR. GABRIEL: I object to the form.
    Lack of foundation.
    A. I'm sure that some of our press releases have probably mentioned the RIAA.

    I'm not sure how you can have "no idea" whether the RIAA is pleased, furious, or otherwise about the fact that your company is creating anti-P2P products, while being simultaneously "sure" that your company is referring to the RIAA in its press releases to help sell its products.

    This is funny, too:

    Q. Based upon your examination of the hard drive which you examined, what evidence did you find that inculpated Marie Lindor personally?
    MR. GABRIEL: Object to the form.
    Lack of foundation.
    A. Would you please define the second-to-last word.
    Q. "Her"?
    A. No, "inculpated." Would you please define that for me.
    Q. Do you not know what the word "inculpated" means?
    A. That's correct.
    Q. Are you familiar with the word "exculpate"?
    A. No.
    Q. What is your educational background?
    A. Computer engineering.

  • by grandpa-geek (981017) on Saturday March 03, 2007 @11:47PM (#18223070)
    IANAL, but I understand that there are standards for admissibility of scientific evidence, and the questions quoted below (and several that follow) cover them. The most recent ruling is called "Daubert."

    Whatever this witness has to say based on his methods is useless because the methods have not been generally accepted and/or there are no peer reviews or tests of the methods' accuracy/reliability and no known level of accuracy/reliability.

    Q. Has your method of determining from
    the MediaSentry materials whether a particular
    computer has been used for uploading or downloading
    copyrighted works been tested by any testing body?

    A. Not that I have submitted.
    Q. Do you know anyone else that is using
    your method, other than you?
    A. Not that I'm aware of.
    Q. Has your method of determining
    through the MediaSentry materials whether a
    particular computer has been used for uploading or
    downloading copyrighted works been subjected to any
    form of peer review?
    A. Not that I'm aware of.
    Q. Has your method of determining from
    the MediaSentry materials whether a computer has
    been used for uploading or downloading copyrighted
    works been published?
    A. No.
    Q. Is there a known rate of error for
    your method?
    A. No.
    Q. Is there a potential rate of error?
    MR. GABRIEL: Object to the form.
    A. I guess there is always a potential
    of an error.
    Q. Do you know of a rate of error?
    A. To my process, no.

    Q. Are there any standards and controls
    over what you have done?
    A. No.
    Q. Have your methods been generally
    accepted in the scientific community?
    A. The process has not been vetted
    through the scientific community.
  • by Proudrooster (580120) on Sunday March 04, 2007 @01:02AM (#18223688) Homepage
    Wow! I just finished reading the ASCII transcript and would be embarassed to bring this case. Just looking at the following facts:

    • The "expert" did about 45 minutes worth of work and produced no evidence to support the allegations and produced almost no documentation.
    • The "expert" does not fully understand how the software that gathered the evidence functions
    • The "expert" does not know if the information he received from the ISP (Verizon/3rd Party) is accurate.
    • The "expert" does not know if the clocks were synchronized between the evidence gatherers and the ISP.
    • The "expert" can not identify which computer is involved in the allegations.
    • The "expert" can not identity what physical person is involved in the allegations.
    • The "expert" understands the Internet is insecure and computers can be taken over and remote controlled.
    • The "expert" understands there are several methods which could have mistakenly identified the accused, e.g. "ip spoofing".
    • The "expert" either lied under oath or is not really an expert when he said he could not make certain determinations about a computer based soley on the harddrive. He stated he could not tell if the computer had a "wireless network card" by looking soley at the registry without the computer that the registry came from. Huh???? Hint to the "expert", look for "WLAN" in the Registry, double hint, WLAN='Wireless LAN'.
    • The "expert" could not demonstrate that the files uploaded/downloaded were copyrighted material and simply had a screen shot of some filenames and ip addresses from a 3rd party.
    • The "expert" acknowledged that screenshots could be faked.
    • The "expert" acknowledged that public IP addresses can change often and could be spoofed


    This entire case hinges on screenshots, mystery analysis software "encase", a questionable expert, and an IP address obtained from an ISP. The evidence in this case doesn't even make it to the standard of "hearsay" not to mention the fact that the plaintiff lawyer appears to be highly inexperienced with Turets syndrome and keeps blurting "Objection to form."

    I suspect that if one were to dig deeper into the so-called evidence, one would learn that information obtained from Verizon is prone to error, and that the procedures for generating the screenshots from KaZaa are based on assumptions which are prone to error and probably performed by monkeys. I want to read the deposition from the "dude/monkey" who took the screenshots, please post that one next.

    If I were the lawyer for the defendant, I would already be filing my motion for dismissal "with prejudice" with the award of reasonable lawyer fees for having brought a case without any evidence.

    Are there any standards for evidence? Is a printout obtained via supoena really a standard for evidence? If so, I can prove anything you like and as a bonus, I even have a professional certification. :)
    • Re: (Score:3, Informative)

      by debrain (29228)
      The evidence in this case doesn't even make it to the standard of "hearsay" not to mention the fact that the plaintiff lawyer appears to be highly inexperienced with Turets syndrome and keeps blurting "Objection to form."

      It's late, and it's been a while since I've done this stuff, so I imagine someone else can do this better, but there's no post up yet.

      Rules of evidence (no reference to policy, just rules). Law often works in layers, for example, something likeso:
      - General rule: Everything relevant is admi
      • Re: (Score:3, Informative)

        Under Federal Rules of Evidence and applicable caselaw expert testimony is admissible only if it meets certain standards. Dr. Jacobson's testimony meets none of those standards and will not be admissible.
  • by macemoneta (154740) on Sunday March 04, 2007 @01:28AM (#18223882) Homepage
    There seems to be a common misconception, that I noted in the testimony, that you have to use one of the reserved IP address ranges on the LAN side of a NATed router. In fact, you can use any address at all (I do). The only downside to this practice is if you eventually have to move the NATed host(s) to the WAN side, they need to be re-addressed - and of course, that only applies to hosts with statically assigned IPs.

    In other words, by looking at the IP address contained in the payload, there's no way to tell that it was behind a NAT router or not simply because the IP address was not in a reserved range.

    Secondarily, since the computer interface IP address is in the packet payload, that is data that is being sent by an application. The application (whatever it was that was communicating with the P2P network) may:

    - lie. It could be a hacked version of a P2P standard application,
    - allow user configuration of the IP address in the payload (if I remember correctly, some seem to),
    - be broken. I assume all versions of all applications that communicate on the indicated P2P network were not vetted for their proper functioning.

  • by Creepy Crawler (680178) on Sunday March 04, 2007 @01:39AM (#18223940)
    I've seen Kazaa mess up our DSL connection quite a few times. Now, did we use Kazaa? Nope. (we prefered WinMX and irc, but thats beside the point :-D).

    When a user gets on Kazaa, the Kazaa network perpetuates that External IP address through their network. Your external_IP is linked to your kazaa_username. Now, when people search and get your kazaa_username, they hit that IP address. All is fine and good... until you are knocked off of DSL or your dhcp timer is up.

    Then, you reconnect using a new external_IP. Now, you have many users on Kazaa that know your username goes to either your old IP or your new IP.

    The network trashing occurs to the person who inhabits your OLD external_IP. You see a LOT of bandwidth from users and Kazaa network towards your new IP address. We had a 768/384 Kb connection, and 200 Kb was ate up with garbage from Kazaa from the previous IP inhabitor. This number of garbage connections approaches 0Kb, but never meets it.

    Perhaps they detected a residual connection like that.

  • by wrook (134116) on Sunday March 04, 2007 @03:42AM (#18224554) Homepage
    Well, I can feel for the defending lawyer, but the NAT discussion didn't quite succeed IMHO. The expert claims that the fact that the Kazaa packet had the public IP address means that the computer wasn't behind NAT. But the lawyer counters with a paper describing how Kazaa (since version 2.0) uses a technique to determine it's public IP address in order to get around certain NAT problems.

    This should have been the killer point. I completely trashes the expert's claim of expertness on the protocol. However, the wording was just too confusing for most people to really understand. I'm not a lawyer so I'm not quite sure what could have been done better, but if possible I certainly wouldn't leave it like this.

    In fact, I'd be surprised if Kazaa would operate at all behind NAT if it couldn't determine it's public IP address (although I admit that I don't know why the IP address is there if not to tell other nodes how to route replies). A good question would have been "Have you ever seen anything other than a public IP address
    in a Kazaa packet?"

    If there is another opportunity it would be a good idea to nail this point home. Really, if the expert can't understand how a p2p program defeats NAT by discovering it's public IP address, then he isn't much of an expert. And if you show that having the public IP in the Kazaa packet does *not* mean it was installed on the computer containing the NIC assigned the address, then really they have no information at all...
    • Re: (Score:3, Interesting)

      by evilviper (135110)

      In fact, I'd be surprised if Kazaa would operate at all behind NAT if it couldn't determine it's public IP address (although I admit that I don't know why the IP address is there if not to tell other nodes how to route replies).

      (For the record: I don't know Kazaa... I know Gnutella)

      P2P programs work fine behind a firewall/NAT, without public IP addresses, and without forwarded ports. The ONLY problem is when BOTH nodes are behind a firewall/NAT. And even there, there is a workaround that can be employed

      • Re: (Score:3, Informative)

        by Sangui5 (12317)

        And even there, there is a workaround that can be employed with the use of a 3rd party that doesn't block incoming connections (though I haven't heard of any P2P protocols currently use this method in the wild).

        Skype (which, coincidentally, was written by the same people who wrote Kazaa) uses some of those workarounds to punch through NAT firewalls. I do not know if Kazaa uses them, but the authors of Kazaa could have certainly done so.

        The point of all this being, you can share files, without accepting

  • by XaXXon (202882) <{moc.liamg} {ta} {noxxax}> on Sunday March 04, 2007 @04:37AM (#18224790) Homepage
    Embarassingly far down in the document, there's a funny "hear-o"

    A. A search on KaZaA can "prop you will gate" from one supernode to another.

    I'm guessing he said "propogate"..
  • by bbernard (930130) on Sunday March 04, 2007 @10:24PM (#18232806)
    I see a couple of potentially significant details that got left out here, or that, after reading the deposition, I missed in other people's comments. (Disclaimer: I have no certifications, nor am I a lawyer, so there is no more validity to my comments than those of the RIAA's expert)

    1. There seemed to be an assumption that the only type of wireless access point in use must be a router or NAT device. There is no basis for that assumption. A wireless access point need not act as a router or as a NAT device. It could merely change wireline Ethernet to 802.11 physical layers. In that way, an "unauthorized" wireless connection could get the DHCP address provided directly by the ISP, and connect with that IP.

    2. I'm not sure how far down the distinction I would go with the cable modem vs. DSL argument. In some cases, connection via DSL requires PPP tunneling software install/configuration on the actual computer. That argument could actually more closely tie the defendant's computer to the records captured. That can be circumvented by configuring the PPP tunnel on a router/firewall/NAT device, allowing the computer to be left unmolested. However, on general principles, Verizon also offers a cellular modem option for connecting to the Internet. That's at least 3 "broadband" methods of connecting.

    3. I really appreciated the thrust of the the questions that looked to establish if there was any evidence that directly tied the actions of the defendant as an individual person, to the actual act of file sharing from that IP address. Can those questions be repeated for "yes or no" answers in court? Could the RIAA shift their argument to suggest that the defendant, as "owner" of that Internet connection is responsible for the use of that connection? I believe that holds for companies and corporations does it also for individuals?

    4. My goodness, the "clarification" questions from the expert's lawyer (RIAA/Plaintiff's lawyer?) were entertaining. There are industry recognized certifications for computer security and forensics personnel. GIAC comes to mind. Perhaps they have some documented standards of forensics that might be appropriate for refuting this "expert's" claims that his methods were reasonable and would be accepted by other professionals in the industry. Just from talking to the IT Security department within my own company I get the impression they'd document their investigation of a single virus on one computer more carefully than this guy did with a legal case.

    All of that said, I'd like to pass on a big THANK YOU to NewYorkCountyLawyer and the other lawyers involved for the defendant for actually fighting this one. I have this dream that the defendant winning a lawsuit like this will open the floodgates and pave the way for not only ending this tactic, but to provide the fodder for a slew of suits against the RIAA that eventually bankrupts the cartel and serves notice to the MPAA, etc. that this kind of crap just won't fly, and DRM will suddenly go away, and the heavens will open, and...OK, but a guy can dream, can't he?

"Regardless of the legal speed limit, your Buick must be operated at speeds faster than 85 MPH (140kph)." -- 1987 Buick Grand National owners manual.

Working...