An anonymous reader writes "Have you ever wondered what it takes to get 'caught' for copyright infringement on the Internet? Surprisingly, actual infringement is not required. The New York Times reports that researchers from the computer science department at the University of Washington have just released a study that examines how enforcement agencies monitor P2P networks and what it takes to receive a complaint today. Without downloading or sharing a single file, their study attracted more than 400 copyright infringement complaints. Even more disturbing is their discovery that illegal P2P participation can be easily spoofed; the researchers managed to frame innocent desktop machines and even several university printers, all of which received bogus complaints."
While entirely laughable, I'm glad this story is in the New York Times. Getting the Spanish Inquisition-esque ways of the these enforcement agencies out into the media is going to be one of the few ways to make it stop. Hopefully people (meaning the general public, and not just us here on/.) will soon realize just how ludicrous these methods are.
You must be new here. Amongst our weaponry are such diverse elements as fear, surprise, ruthless efficiency, an almost fanatical devotion to the Pope, and nice red uniforms - Oh damn! I can't say it - you'll have to say it.
Our three weapons are fear, surprise, and ruthless efficiency. And bogus copyright claims. Our four,... no. Amongst our weaponry are such diverse elements as: fear, surprise, ruthless efficiency, and bogus copyright claims.... I'll come in again.
Yes, but will this sort of study ever make it to trial in any shape or form that is likely to put the kibosh on the MAFIAAs strongarm tactics?
Unless the little guys can pony up the cash to get these guys as expert witnesses, the MAFIAA will simply commission their own, contradictory study in order to discredit this one.
I hope at some point (and some point SOON) we get a critical mass of people and evidence against the big industry players so that they'll stop this crap. I don't think it'll happen though--there's just too many dollars at stake for them to give up.
Somewhat offtopic, but related to your post. The EFF maintains a mailing list for technologists who would be willing to assist as witnesses or in other ways for cases such as this. When an attorney needs an expert witness for, say, a defense case against the RIAA, the EFF happily forwards it to this list.
http://www.eff.org/about/opportunities/volunteer [eff.org]
I think there is another reason to be glad that is more important than being in the media, IMHO. An NSF grant-backed publication from a large research institution will carry some weight in court.
IP address spoofing has been invoked by the defense in previous lawsuits to attack the prosecution's investigation methods, however, this assertion has always had to be provided by an expert witness. A scholarly publication backed by the U of W and the NSF will bolster this point. It might even stick with a jury (who knows). Anyway, this will come in handy in the courtroom, I think.
The other favored method these days seems to be sending out non-sensical Cease and Desist [demystify.info] Letters claiming all sorts of things, including copyright infringement, and CRIMINAL charges because someone has a domain that you want.
Caton Commercial [willcounty...tcourt.com] engages in this, and seems to find this practice acceptable.
by Anonymous Coward
on Thursday June 05 2008, @02:45PM (#23672867)
From God^H^H^HWikipedia:
The term was popularized by the comedy cult film Office Space. Michael Bolton (David Herman), one of the three main characters, reads the error message from the LCD status display on a fax machine, after which he asks, "'PC Load Letter'? What the fuck does that mean?"
An inanimate object could also get the blame. The researchers rigged the software agents to implicate three laserjet printers, which were then accused in takedown letters by the M.P.A.A. of downloading copies of âoeIron Manâ and the latest Indiana Jones film.
Download movies and sell them
pin it on cop's printer
in the meantime while they're arresting the printer
1. Download movies
2. Pin it on RIAA's website IP address (76.74.24.143)
3. Let the cops arrest RIAA
4. Peace and Quiet
5. Profit!
But seriously... if you can spoof using any IP address (Printer, Website, etc), then everyone can claim it was not them downloading anything and there is not sure way to prove it.
Just food for Thought.
Sorry, I have to debunk the theory that it is only technically possible to spoof a source address on your local subnet, it's just not true.
First of all, you can send people in your local subnet messages with any fake outside source IP you want, and there are various techniques to convince your local subnet's router to send _you_ the response traffic instead of the rightful recipient, so you can have full socket connectivity in both directions.
(I.E. ICMP redirect packets sent to the default gateway, static routes, etc)
Also, there are methods to spoof source IPs outside your subnet, even when sending to destinations outside your subnet, unless your provider is specifically using techniques to block spoofed traffic (which possibly, some are now).
If you can guess the right sequence numbers and port numbers (very hard), then you can even inject data into someone else's live TCP connection, or just force that connection to close (by sending a RST)
Use of technologies such as SSL or TLS protect against sending unauthorized commands or allowing corrupt data to be transmitted, but don't protect against a third party forcibly closing the connection.
Spoofing outside the subnet is just extremely difficult, and fairly improbable for targets utilizing modern TCP stacks -- but theoretically possible; IRC networks used to have problems with script kiddies generating spoofed clone floods.
(This tactic was thwarted by taking advantage of the fact that spoofed users could effectively SEND spoofed traffic but not RECEIVE messages, so a CAPTCHA-style feature called "nospoof" was introduced into the connection process.)
Receiving traffic in both directions over a spoofed connection is also possible, but hard,
I.E. requires hijacking the legitimate equipment's IP, and fooling network equipment into sending traffic to the wrong place (the spoofer's computer).
I'm not saying it's easy, safe, invisible, non-destructive, or you won't easily get caught, but I must say that such spoofing is 100% possible.
So, will we have a variant on the Chewbacca defense?
"Why would a printer, an inanimate object with no reproductive organs, be downloading pornography? It doesn't fit... if the toner cartridge won't fit, you must acquit."
Seriously though, it's good to see some credible research demonstrating that the methods that are used to identify file-sharers are completely arbitrary and can't be demonstrated to be valid.
It would be nice to finally have enough evidence that Judges could basically say "Well, this methodology has been dis-credited, you need actual evidence."
Now, if you excuse me, I'm going to try to devise a way to make it look like our printer has been downloading Will Farrel movies and films with Natalie Portman.:-P
Clippy: Looks like you're making a letter. Would you like help?
Clippy: Looks like your letter is finished. Would you like me to print it?
Clippy: Looks like you're infringing on a copyright. Would you like me to call you a lawyer?
* Throws computer out window *
While I'm all for anything and everything that helps bring down the MAFIAA, sadly the case in this article is very weak. It only points out two things, both of which are already commonly known by almost everyone in IT.
1. IP addresses can be spoofed. 2. IP addresses assigned by DHCP will not always be assigned to the same MAC address.
Then there's a lot of hand-waving and implications that there's also all kind of other likely flaws in the methods used to find out who's participating in file-sharing.
The worst part of it though is how they throw in the whole thing of "we weren't actually downloading or sharing anything". No, they were just connecting to the tracker. And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing.
This bothers because if anyone were to point out how weak this case is in main-stream media, it could end up doing more harm than good.
We need some heavy ammo to shut them down, and I'm afraid this is not it.
The worst part of it though is how they throw in the whole thing of "we weren't actually downloading or sharing anything". No, they were just connecting to the tracker. And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing.
Well, it does two things.
First, it shows that you can get a subpoena for not actually doing anything illegal. Presumably, connecting to a tracker isn't illegal.
Second, it begins to dispel the myths that the content holders have perpetuated about how they actually gather their evidence and if the collection methodology is valid.
I think actual University research which is covered by the NYT might be an awful good start. It's by no means everything that needs to happen, but starting to establish that their data collection is faulty is better than nothing.
The worst part of it though is how they throw in the whole thing of "we weren't actually downloading or sharing anything". No, they were just connecting to the tracker. And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing.
Actually, that is the worst part.. they are sending out take-down notices/suing people that didn't download anything..
Remember, innocent until proven guilty. They aren't even trying to actually determine this.
Maybe you missed the part where they framed the printer? The point is they just connected to a tracker but in real life what is more likely is that the guy in the dorm next to me is actually downloading the film that he didn't pay for but he pins it on me who wasn't involved in doing any copyright infringing at all. THAT IS THE POINT. Too many cases get brought up that are accusing the WRONG PERSON of doing the infringing.
It only points out two things, both of which are already commonly known by almost everyone in IT.
And that's why this is relevant. Because it is not common knowledge outside the IT field, and it makes an appearance in the New York Times. The article could be more in-depth, or provide more conclusive evidence I agree, but getting the facts out there to the average (NYT reading) Joe is a good first step.
The worst part of it though is how they throw in the whole thing of "we weren't actually downloading or sharing anything". No, they were just connecting to the tracker. And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing.
True, pirates don't connect to a tracker to observe, but the point being made is that an entity that was only observing (not doing anything illegal or warranting a takedown notice) is being pinned as a pirate.
Yes, anyone in IT understands these issues. But the fact remains that no one in IT is being listened to when they are calling this same information proof of infringement. This study is to show that their "proof" which is being used in these same cases is as worthless as all the IT people have said it was from the beginning, and that the checks the **AA investigators are using to confirm that they are not accusing the wrong people are as worthless as well in terms of verifying/screening false positives. This study shows for a FACT that false positives are occurring and occurring ALL THE TIME.
I have not read about this - has anyone heard any anecdotes on this subject?
I'm curious if the 'industry monitoring groups' have ever sent a C/D letter to a clueful sysadmin? we know that most laymen will simply cave in when they receive the 'fact' that their IP address was somehow connected to 'bad traffic'; but I wonder if anyone who knows networking ever called their bluff and really had a court case where he asked for MORE info than simply IP addrs. it would seem that if you can defend yourself in IP networking theory that they really have no firm case on you, especially if you run an 'open wireless AP' and that, itself, could create enough doubt as to who the real 'infringer' really is. they might be able to say its your network but they can't prove its YOU. it could be spyware that somehow got installed on your system. spyware does do 'strange things' as well all know and its not outside the realm of possibility that some virus is connecting to trackers while sitting inside your network. is that really your fault? should you be called 'an infringer' for that?
so I'm really curious if there are any examples of a tech-strong defendant really calling their bluff and demaning fine-grained specific evidence while at court or at some plea bargaining procedure.
If I go outside every night wearing overalls covered in blood stains, dig holes in my front yard, and bury body sized bundles wrapped in garbage bags every night for a couple of weeks, I'll probably be investigated for murder.
You would be investigated, but if the only evidence presented at the case was the odd behavior you would be found not-guilty. The MPAA/RIAA use the odd behavior as not only the probable cause to investigate but also as the evidence to prosecute.
Glad it's in a reputable media source (Score:5, Insightful)
Re:Glad it's in a reputable media source (Score:5, Funny)
Parent
Re:Glad it's in a reputable media source (Score:5, Funny)
Parent
Re:Glad it's in a reputable media source (Score:4, Funny)
Parent
Re:Glad it's in a reputable media source (Score:4, Funny)
Parent
Re:Glad it's in a reputable media source (Score:5, Funny)
Parent
Re:Glad it's in a reputable media source (Score:5, Funny)
Parent
Re:Glad it's in a reputable media source (Score:5, Funny)
Ha HAH! The Spanish Inquisition never expected a Hewlett Packard !
Parent
Re:Glad it's in a reputable media source (Score:5, Funny)
"You are accused of heresy, in thought, word and deed! How do you plead?"
PC LOAD LETTER
Parent
Re:Glad it's in a reputable media source (Score:5, Funny)
Parent
Re:Glad it's in a reputable media source (Score:5, Funny)
Parent
Re:Glad it's in a reputable media source (Score:5, Interesting)
Unless the little guys can pony up the cash to get these guys as expert witnesses, the MAFIAA will simply commission their own, contradictory study in order to discredit this one.
I hope at some point (and some point SOON) we get a critical mass of people and evidence against the big industry players so that they'll stop this crap. I don't think it'll happen though--there's just too many dollars at stake for them to give up.
Parent
Re:Glad it's in a reputable media source (Score:5, Informative)
Parent
Re:Is this safe? (Score:5, Insightful)
What? Conspire to subvert the legal system, and come close to perjury? I say, bring it on and let the jail terms fly.
Presumably, the EFF would vet their people, but I should think intentionally doing what you suggest might get you some kind of sanctions.
Then again, your cynicism might not be completely unfounded. Which, is a depressing thought.
Cheers
Parent
Re:Glad it's in a reputable media source (Score:5, Insightful)
I think there is another reason to be glad that is more important than being in the media, IMHO. An NSF grant-backed publication from a large research institution will carry some weight in court.
IP address spoofing has been invoked by the defense in previous lawsuits to attack the prosecution's investigation methods, however, this assertion has always had to be provided by an expert witness. A scholarly publication backed by the U of W and the NSF will bolster this point. It might even stick with a jury (who knows). Anyway, this will come in handy in the courtroom, I think.
Parent
Re:Glad it's in a reputable media source (Score:5, Interesting)
The other favored method these days seems to be sending out non-sensical Cease and Desist [demystify.info] Letters claiming all sorts of things, including copyright infringement, and CRIMINAL charges because someone has a domain that you want.
Caton Commercial [willcounty...tcourt.com] engages in this, and seems to find this practice acceptable.
Parent
Case 08OV003345 (Score:5, Funny)
Parent
PC LOAD MUSIC (Score:4, Funny)
Re:PC LOAD MUSIC (Score:5, Funny)
WTF does that mean?
Parent
Re:PC LOAD MUSIC (Score:4, Funny)
It means you need to restart the printer's download of Geto Boys MP3s.
Parent
Re:PC LOAD MUSIC (Score:5, Insightful)
Parent
Re:PC LOAD MUSIC (Score:4, Informative)
The term was popularized by the comedy cult film Office Space. Michael Bolton (David Herman), one of the three main characters, reads the error message from the LCD status display on a fax machine, after which he asks, "'PC Load Letter'? What the fuck does that mean?"
Parent
Sweet! (Score:5, Funny)
Re:Sweet! (Score:5, Interesting)
Parent
You're on to something there (Score:5, Interesting)
Apparently since a DDOS is a legal move in this game (if you'll recall the MediaDefender fiasco recently), [slashdot.org] maybe we could use this technique and flood P2P space with false positives.
I'll bet once every single judge in the USA gets a "Cease and Desist" letter they'll eventually see that the RIAA's tactics aren't valid.
Parent
Re:Sweet! (Score:5, Informative)
Sorry, I have to debunk the theory that it is only technically possible to spoof a source address on your local subnet, it's just not true.
First of all, you can send people in your local subnet messages with any fake outside source IP you want, and there are various techniques to convince your local subnet's router to send _you_ the response traffic instead of the rightful recipient, so you can have full socket connectivity in both directions.
(I.E. ICMP redirect packets sent to the default gateway, static routes, etc)
Also, there are methods to spoof source IPs outside your subnet, even when sending to destinations outside your subnet, unless your provider is specifically using techniques to block spoofed traffic (which possibly, some are now).
If you can guess the right sequence numbers and port numbers (very hard), then you can even inject data into someone else's live TCP connection, or just force that connection to close (by sending a RST)
Use of technologies such as SSL or TLS protect against sending unauthorized commands or allowing corrupt data to be transmitted, but don't protect against a third party forcibly closing the connection.
Spoofing outside the subnet is just extremely difficult, and fairly improbable for targets utilizing modern TCP stacks -- but theoretically possible; IRC networks used to have problems with script kiddies generating spoofed clone floods.
(This tactic was thwarted by taking advantage of the fact that spoofed users could effectively SEND spoofed traffic but not RECEIVE messages, so a CAPTCHA-style feature called "nospoof" was introduced into the connection process.)
Receiving traffic in both directions over a spoofed connection is also possible, but hard, I.E. requires hijacking the legitimate equipment's IP, and fooling network equipment into sending traffic to the wrong place (the spoofer's computer).
I'm not saying it's easy, safe, invisible, non-destructive, or you won't easily get caught, but I must say that such spoofing is 100% possible.
Parent
Wow .... (Score:5, Funny)
"Why would a printer, an inanimate object with no reproductive organs, be downloading pornography? It doesn't fit
Seriously though, it's good to see some credible research demonstrating that the methods that are used to identify file-sharers are completely arbitrary and can't be demonstrated to be valid.
It would be nice to finally have enough evidence that Judges could basically say "Well, this methodology has been dis-credited, you need actual evidence."
Now, if you excuse me, I'm going to try to devise a way to make it look like our printer has been downloading Will Farrel movies and films with Natalie Portman.
Cheers
Re:Wow .... (Score:5, Funny)
Parent
Re:Wow .... (Score:4, Funny)
Why the hell is this printer out of toner, again?! And where the hell is all of the kleenex?
Parent
Sweet! (Score:5, Funny)
If the right people get framed... (Score:5, Interesting)
Clippy helps me steal (Score:5, Funny)
Clippy: Looks like your letter is finished. Would you like me to print it?
Clippy: Looks like you're infringing on a copyright. Would you like me to call you a lawyer?
* Throws computer out window *
Ridiculous! (Score:5, Funny)
So, anyone wanna help me get NetBSD on my Epson?
Re:Ridiculous! (Score:5, Insightful)
Parent
Too flimsy (Score:5, Insightful)
1. IP addresses can be spoofed.
2. IP addresses assigned by DHCP will not always be assigned to the same MAC address.
Then there's a lot of hand-waving and implications that there's also all kind of other likely flaws in the methods used to find out who's participating in file-sharing.
The worst part of it though is how they throw in the whole thing of "we weren't actually downloading or sharing anything". No, they were just connecting to the tracker. And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing.
This bothers because if anyone were to point out how weak this case is in main-stream media, it could end up doing more harm than good.
We need some heavy ammo to shut them down, and I'm afraid this is not it.
Re:Too flimsy (Score:5, Insightful)
Well, it does two things.
First, it shows that you can get a subpoena for not actually doing anything illegal. Presumably, connecting to a tracker isn't illegal.
Second, it begins to dispel the myths that the content holders have perpetuated about how they actually gather their evidence and if the collection methodology is valid.
I think actual University research which is covered by the NYT might be an awful good start. It's by no means everything that needs to happen, but starting to establish that their data collection is faulty is better than nothing.
Cheers
Parent
Re:Too flimsy (Score:5, Insightful)
Remember, innocent until proven guilty. They aren't even trying to actually determine this.
Parent
Re:Too flimsy (Score:4, Insightful)
Parent
Re:Too flimsy (Score:5, Insightful)
Parent
Re:Too flimsy (Score:5, Insightful)
Parent
Re:Too flimsy...not really (Score:5, Interesting)
Parent
has the mafiaa ever fought an IT guy? (Score:4, Interesting)
I'm curious if the 'industry monitoring groups' have ever sent a C/D letter to a clueful sysadmin? we know that most laymen will simply cave in when they receive the 'fact' that their IP address was somehow connected to 'bad traffic'; but I wonder if anyone who knows networking ever called their bluff and really had a court case where he asked for MORE info than simply IP addrs. it would seem that if you can defend yourself in IP networking theory that they really have no firm case on you, especially if you run an 'open wireless AP' and that, itself, could create enough doubt as to who the real 'infringer' really is. they might be able to say its your network but they can't prove its YOU. it could be spyware that somehow got installed on your system. spyware does do 'strange things' as well all know and its not outside the realm of possibility that some virus is connecting to trackers while sitting inside your network. is that really your fault? should you be called 'an infringer' for that?
so I'm really curious if there are any examples of a tech-strong defendant really calling their bluff and demaning fine-grained specific evidence while at court or at some plea bargaining procedure.
Re:As I said (Score:5, Funny)
Parent
Re:And? (Score:5, Funny)
Parent
Re:And? (Score:5, Funny)
Parent
Re:And? (Score:5, Funny)
Parent
Re:And? (Score:4, Funny)
Parent
Re:iron man url and tracker (Score:5, Funny)
Parent
Re:Big surprise! (Score:5, Insightful)
You would be investigated, but if the only evidence presented at the case was the odd behavior you would be found not-guilty. The MPAA/RIAA use the odd behavior as not only the probable cause to investigate but also as the evidence to prosecute.
Parent
Re:Simply send this message to the printer: (Score:5, Funny)
Networked printer needs paper, badly.
Parent