RIAA's 'Expert' Witness Testimony Now Online
NewYorkCountryLawyer writes "The online community now has an opportunity to see the fruits of its labor. Back in December, the Slashdot ('What Questions Would You Ask an RIAA Expert?') and Groklaw ('Another Lawyer Would Like to Pick Your Brain, Please') communities were asked for their input on possible questions to pose to the RIAA's 'expert'. Dr. Doug Jacobson of Iowa State University was scheduled to be deposed in February in UMG v. Lindor, for the first time in any RIAA case. Ms. Lindor's lawyers were flooded with about 1400 responses. The deposition of Dr. Jacobson went forward on February 23, 2007, and the transcript is now available online (pdf) (ascii). Ray Beckerman, one of Ms. Lindor's attorneys, had this comment: 'We are deeply grateful to the community for reviewing our request, for giving us thoughts and ideas, and for reviewing other readers' responses. Now I ask the tech community to review this all-important transcript, and bear witness to the shoddy investigation and junk science upon which the RIAA has based its litigation war against the people. The computer scientists among you will be astounded that the RIAA has been permitted to burden our court system with cases based upon such arrant and careless nonsense.'"
Re:One quick thought about licensure (Score:5, Informative)
Re:Anyone who knows stuff about court... (Score:5, Informative)
For me to say why he was doing it would be speculation. My guess as to the reason: inexperience.
lie #2 ignores sharing of router and PC IP address (Score:2, Informative)
10 A. This tells me that there was -- yes.
11 There was no router.
12 Q. How does it tell you that there was
13 no router?
14 A. Through the two --
15 If you look at the second chunk down,
16 you will see the source address at the top and you
17 will see the KaZaA IP address midway through that,
18 and they match and they are both public IP
19 addresses.
20 Q. You said they match?
21 A. Uh-huh. The 141.155.57.198.
22 Q. That's the source?
23 A. And then down below you see the KaZaA
24 IP?
25 Q. Yes.
2 A. It's those two IP addresses.
3 Q. What does the first number indicate?
4 A. The first number of the IP address?
5 Q. Yes.
6 No. The second line of that chunk
7 that says "source." What does that indicate?
8 A. That is the source address. That is
9 where the packet came from.
10 Q. Now we go down to the next line you
11 referred to, it says "KaZaA IP." What does that
12 refer to?
13 A. That is the IP address that the KaZaA
14 software is running on, the IP address of the
15 computer that the KaZaA software is running on.
Some routers share their public IP addresses with a DMZ computer.
If the defendant's wireless router did that and an attacker across the street took over her router and made his laptop into a DMZ, it would lead to this scenario. Kids, always secure your routers.
The FE Exam (Score:5, Informative)
The afternoon session is a choice between mechanical, electrical, civil, (chemical?) engineering. I think maybe comp sci students could take the electrical and do fairly well on this half. The PE exams are very similar (identical?) to the FE exams, but it has been 5 years since you have been in a classroom so they are considered harder just for this reason.
As for the term "Computer Engineer"; in the 1800s a group of very smart men began doing different things with Natural Philosophy. They were so different that they thought they needed a new title for what they did to separate themselves from the natural philosophers. Eventually they went with the title "scientists". Perhaps a new title is needed for "computer engineers" because it doesn't seem to fit very well.
Re:Expert Witness? (Score:5, Informative)
Re:Respect (Score:5, Informative)
At a trial "lack of foundation" means the lawyer's question has leapfrogged over some other material that would have been needed ... i.e. laying a foundation.
But since I would only be cross-examining this guy, lack of foundation would not have been an appropriate objection to my questions there either.
I.e., the RIAA lawyer, hopefully out of inexperience rather than calculated dilatoriness, was wasting our precious time.
Re:One quick thought about licensure (Score:5, Informative)
I would expect my licensing body would get annoyed with me if I spent "45 minutes" (Page 54) drafting a report that was used as part of litigation. They expect that Professional Engineers check our facts so as not to mislead a jury. This avoids sequences of questions like that from Page 42, where the witness essentially admits:
a) he did not look for alternative explanations,
b) he did not check how accurate his findings were (potential rate of error),
c) he has no standards or controls,
d) he is not using published methods accepted by the scientific community, and
e) has no way of determining if the information given to him was correct.
It is considered a substantial problem if a Professional Engineer misleads a jury, as it can pervert justice. As such, it is very important for the legal duties to be taken seriously and with the required standards of care.
Relevance of the registry for DHCP (Score:2, Informative)
Both 9x and NT-based variants keep information about DHCP address assignments in the registry, so that they can attempt to request their previous IP address after a startup. Specifically, in NT-based systems, you can look under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces" to see a list of interfaces that Windows has available, and under each one of those, there exists a REG_SZ value, aptly named "DhcpIPAddress", which includes, in plain ASCII text in dotted-quad notation the last DHCP address handed to the box by the DHCP server at the IP specified by the "DhcpServer" REG_SZ value. Older entries could potentially exist under the "ControlSet001" and "ControlSet002" keys, both of which are backups.
While this method is by no means bulletproof, it could potentially disclose the last IP address the computer obtained from a particular DHCP server and that would not only be useful, but perhaps even relevant information.
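One way to pull those values out of a `reg export` text dump and check whether each leased address is in private (RFC 1918) space, as an added example that is not part of the comment above. The sample export, interface GUIDs, addresses and the helper names `dhcp_leases` and `is_rfc1918` are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in `reg export` text format; GUIDs and addresses are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{11111111-2222-3333-4444-555555555555}]
"DhcpIPAddress"="192.168.1.101"
"DhcpServer"="192.168.1.1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{11111111-2222-3333-4444-555555555555}]
"DhcpIPAddress"="203.0.113.25"
"DhcpServer"="203.0.113.1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]
"EnableDHCP"=dword:00000000
'''

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\SYSTEM\\(?P<cs>[^\\]+)\\Services\\Tcpip'
    r'\\Parameters\\Interfaces\\(?P<iface>\{[^}]+\})\]$', re.I)
VAL_RE = re.compile(r'^"(?P<name>DhcpIPAddress|DhcpServer)"="(?P<data>[^"]*)"$')

def dhcp_leases(reg_text):
    """Return one record per interface key that carries a DhcpIPAddress value."""
    records, current = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = {"control_set": key["cs"], "interface": key["iface"]}
            records.append(current)
        elif line.startswith("["):
            current = None                      # unrelated key: skip its values
        elif current is not None:
            val = VAL_RE.match(line)
            if val:
                current[val["name"]] = val["data"]
    return [r for r in records if r.get("DhcpIPAddress")]

def is_rfc1918(address):
    """True if the address is private, i.e. it can reach the Internet only through NAT."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False                            # empty or malformed value
    return any(ip in net for net in RFC1918)
```

A lease in RFC 1918 space shows the machine sat behind a local DHCP server at the time of that lease; a public lease only shows what the upstream DHCP server handed out and says nothing about who used the machine.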
Re:You wha? (Score:4, Informative)
There was some tenuous discussion of how MAC addresses are used (to which I am not certain I completely agree, but I'm not an expert), and again on how the correlation of two address fields in a Kazaa packet shows that the computer was connected directly to the Internet and not through a router. Again, there was nothing to show that the computer connected to the Internet at the time actually belonged to the Verizon account holder, because no MAC address was recorded and in fact he didn't have access to anything except the hard drive (although personally I would expect Windows records this in the registry, which he did examine and didn't document). In any case, he did say that MAC addresses could be spoofed.
Most interesting for me was that as the examiner, he had been asked purely to find out if Kazaa and MP3 files were present, and he seemed to have followed that direction, failing to look for any materials (e.g. malware, remote control apps, etc.) that could possibly have assisted the defense.
HTH
Re:Respect (Score:4, Informative)
Re:Anyone who knows stuff about court... (Score:5, Informative)
Re:Anyone who knows stuff about court... (Score:1, Informative)
1) A Deposition is an alternative to a witness appearing in Court (or at least to keep the amount of time he'll have to appear in court down). It's just the two lawyers, plus a Court recorder, who takes down what they say and reads the questions back for the witness.
2) Objections are almost always to the form of a question, rather than to any particular legal issue: Generally a witness will answer practically all questions, and their admissibility will be determined later by the Judge. The endless objections are a way of ensuring that any answer that the plaintiff's lawyer doesn't want on the record can be challenged before the Judge on some ground (any ground), usually on the basis that the question was designed to solicit a particular response (a leading question), the question was confusing to the witness (compound questions), or that the question wasn't related to the stated reason the witness was being examined (questions without foundation).
3) These objections have a surprisingly high strike-rate, considering that they're sprayed like confetti during a deposition. Hope that clears things up (IANAL... I'm much much worse, a law student)
Common error on NATed routers (Score:4, Informative)
In other words, by looking at the IP address contained in the payload, there's no way to tell that it was behind a NAT router or not simply because the IP address was not in a reserved range.
Secondarily, since the computer interface IP address is in the packet payload, that is data that is being sent by an application. The application (whatever it was that was communicating with the P2P network) may:
- lie. It could be a hacked version of a P2P standard application,
- allow user configuration of the IP address in the payload (if I remember correctly, some seem to),
- be broken. I assume all versions of all applications that communicate on the indicated P2P network were not vetted for their proper functioning.
Re:PE software engineers (Score:3, Informative)
Re:IPV6 (Score:1, Informative)
Re:Standards for Evidence? (Score:3, Informative)
It's late, and it's been a while since I've done this stuff, so I imagine someone else can do this better, but there's no post up yet.
Rules of evidence (no reference to policy, just rules). Law often works in layers, for example, something like so:
- General rule: Everything relevant is admissible.
- Exception to the general rule: Hearsay: Oral statements by a person other than the one giving the testimony are inadmissible.
- Exception to the Hearsay rule: (obviously not applicable, here, but for example) Statements of a murder victim identifying their murderer can be admitted by someone who overheard them prior to the victim's death.
There are more exceptions, and exceptions to the exceptions (esp. in evidentiary rules). But the logic is generally like that.
So, to wit:
The statements of the expert are admissible, as to his/her expert opinion, and their awareness in information and belief, if they are relevant.
Oral statements by the expert about what someone else said are inadmissible under the hearsay exception to the general rule, even if they are relevant.
Unless such oral statements were (per the rule-example above) made by the victim of a murder, and identify the murderer (in which case they are de facto relevant).
In this case, much of the evidence is documentary, and admissible under the general rule. Only the oral statements of others would be inadmissible under the hearsay rule in this expert's testimony. (As I understand the rules of evidence as they probably apply here)
Not that the meaning of your statement was in any way wrong in the lay-sense. But just thought it might be interesting to lay out, as it pertains to this case, in the legal sense (as far as I might grasp such a critter and be halfway able to portray it).
Re:IPV6 (Score:3, Informative)
Re:Standards for Evidence? (Score:3, Informative)
Here's something to question... (Score:5, Informative)
This is flat-out wrong. Yes, you CAN find the OUI [wikipedia.org] that might well give you enough information to find out who made the hardware. The problem is that you can change the whole damn MAC address. Conveniently, Wikipedia even has instructions on how to change your MAC [wikipedia.org] on many OSes, although there's an illustrated guide on changing your MAC [nthelp.com], elsewhere.
This guy may know a bit of programming, but this kind of stuff makes it pretty clear to me that he has no idea how people can and do manipulate information. It's pretty clear to me that he's done little more than investigate only those things which might support their case and has completely ignored anything which might cast doubt upon it.
Re:NAT discussion wasn't thorough enough (Score:3, Informative)
Skype (which, coincidentally, was written by the same people who wrote Kazaa) uses some of those workarounds to punch through NAT firewalls. I do not know if Kazaa uses them, but the authors of Kazaa could have certainly done so.
But P2P works better if it has access to your public IP address, and you can accept inbound connections. Hence some P2P applications will complain if they detect that they are NATed and ask for your public IP. Some will auto-detect your public IP. Others will not only autodetect your public IP, but if you have a UPNP-capable router, will automatically detect or otherwise set up appropriate holes in your NAT firewall (later versions of Azureus do this, I believe) to forward inbound connections. And, as aforementioned, Skype uses NAT-busting techniques to bypass setting up proper forwarding rules altogether. Skype's ability to get past firewalls is actually somewhat frightening...
Although the original design of the internet was based on the assumption of a static one-to-one mapping of computers to IP addresses, this is not the case today. DHCP means that the mappings are not static, and NAT means that the mapping isn't one-to-one (indeed, a sufficiently sophisticated NAT setup could be many-to-many, although such would be unusual). Even MAC addresses aren't really unique--it is quite common to set up interface failover by spoofing the MAC address of the failed NIC. Identifying a computer uniquely is a very tricky process--the common means of doing so rely on these broken assumptions. The uncommon means (specifically, searching for evidence of clock drift in timing parameters) are, well, not commonly used, and have higher false positives (due to sensitivities to temperature and the low precision of clock drift measurements). And none of this can be used to show that a particular person was doing anything at any point in time.
From my limited experience with expert testimony, many expert witnesses, although experts in their field, are not experts at being witnesses. It's a way for a university professor to pick up more money on the side with easy consulting work, especially if hired by a petitioner under the expectation of a weak defense by the respondent. In such a case, speed and cheapness are prized above thoroughness and accuracy, and actually being deposed by a lawyer who has been prepped on the sorts of questions to ask would be quite the surprise. Dr. Jacobson appears to have been caught with his pants down, giving a slap-dash report which is clearly biased in favor of the side which hired him. Although he isn't a member of any regulatory body, I would be surprised if he wasn't a member of the ACM or the IEEE Computer Society, and in violation of their respective codes [acm.org] of ethics [ieee.org] (specifically, ACM 1.2, 1.3, and 2.5, and IEEE 2, 3, 7, and 9).
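The point raised in the "Common error on NATed routers" comment and in the NAT discussion above, as an added example that is not part of any comment or of the transcript: a small model of what a remote peer can observe (packet source address plus the IP the application writes into its payload) under several network setups. The scenario list, the addresses and the names `observe` and `consistent_with` are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Scenario:
    name: str
    iface_ip: str            # address configured on the PC's own interface
    wan_ip: str              # router's public address; "" means no router
    payload_mode: str        # "iface", "detected" or "configured"
    configured_ip: str = ""  # only used when payload_mode == "configured"

def observe(s):
    """Return (source address seen by the remote peer, IP carried in the payload)."""
    source = s.wan_ip or s.iface_ip      # a NAT router rewrites the source address
    if s.payload_mode == "iface":
        payload = s.iface_ip             # application reports its interface address
    elif s.payload_mode == "detected":
        payload = source                 # application learned its public address
    else:
        payload = s.configured_ip        # user-set value or a modified client
    return source, payload

PUBLIC = "198.51.100.7"                  # constructed documentation address
LAN = "192.168.1.20"                     # constructed private address

SCENARIOS = [
    Scenario("direct connection, no router", PUBLIC, "", "iface"),
    Scenario("NAT router, app reports interface IP", LAN, PUBLIC, "iface"),
    Scenario("NAT router, app auto-detects public IP", LAN, PUBLIC, "detected"),
    Scenario("router DMZ host sharing the public IP", PUBLIC, PUBLIC, "iface"),
    Scenario("NAT router, IP set in client settings", LAN, PUBLIC, "configured", PUBLIC),
]

def consistent_with(source, payload):
    """List every modelled scenario that produces exactly this observation."""
    return [s.name for s in SCENARIOS if observe(s) == (source, payload)]

if __name__ == "__main__":
    for name in consistent_with(PUBLIC, PUBLIC):
        print("matching addresses are consistent with:", name)
```

In this model a private address in the payload points to a NAT device, but two matching public addresses are produced by four of the five setups, so the match alone does not separate them.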