How To Frame a Printer For Copyright Infringement

An anonymous reader writes "Have you ever wondered what it takes to get 'caught' for copyright infringement on the Internet? Surprisingly, actual infringement is not required. The New York Times reports that researchers from the computer science department at the University of Washington have just released a study that examines how enforcement agencies monitor P2P networks and what it takes to receive a complaint today. Without downloading or sharing a single file, their study attracted more than 400 copyright infringement complaints. Even more disturbing is their discovery that illegal P2P participation can be easily spoofed; the researchers managed to frame innocent desktop machines and even several university printers, all of which received bogus complaints."

Glad it's in a reputable media source

[pwnies]

While entirely laughable, I'm glad this story is in the New York Times. Getting the Spanish Inquisition-esque ways of the these enforcement agencies out into the media is going to be one of the few ways to make it stop. Hopefully people (meaning the general public, and not just us here on /.) will soon realize just how ludicrous these methods are.

Too flimsy

[Endo13]

While I'm all for anything and everything that helps bring down the MAFIAA, sadly the case in this article is very weak. It only points out two things, both of which are already commonly known by almost everyone in IT.

1. IP addresses can be spoofed.
2. IP addresses assigned by DHCP will not always be assigned to the same MAC address.

Then there's a lot of hand-waving and implications that there's also all kind of other likely flaws in the methods used to find out who's participating in file-sharing.

The worst part of it though is how they throw in the whole thing of "we weren't actually downloading or sharing anything". No, they were just connecting to the tracker. And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing.

This bothers because if anyone were to point out how weak this case is in main-stream media, it could end up doing more harm than good.

We need some heavy ammo to shut them down, and I'm afraid this is not it.

Re:PC LOAD MUSIC

[omeomi]

whoosh!

Re:Glad it's in a reputable media source

[liegeofmelkor]

I think there is another reason to be glad that is more important than being in the media, IMHO. An NSF grant-backed publication from a large research institution will carry some weight in court.

IP address spoofing has been invoked by the defense in previous lawsuits to attack the prosecution's investigation methods, however, this assertion has always had to be provided by an expert witness. A scholarly publication backed by the U of W and the NSF will bolster this point. It might even stick with a jury (who knows). Anyway, this will come in handy in the courtroom, I think.

Re:Too flimsy

[gstoddart]

The worst part of it though is how they throw in the whole thing of "we weren't actually downloading or sharing anything". No, they were just connecting to the tracker. And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing.

Well, it does two things.

First, it shows that you can get a subpoena for not actually doing anything illegal. Presumably, connecting to a tracker isn't illegal.

Second, it begins to dispel the myths that the content holders have perpetuated about how they actually gather their evidence and if the collection methodology is valid.

I think actual University research which is covered by the NYT might be an awful good start. It's by no means everything that needs to happen, but starting to establish that their data collection is faulty is better than nothing.

Cheers

Re:Too flimsy

[link-error]

The worst part of it though is how they throw in the whole thing of "we weren't actually downloading or sharing anything". No, they were just connecting to the tracker. And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing.

Actually, that is the worst part.. they are sending out take-down notices/suing people that didn't download anything..
    Remember, innocent until proven guilty. They aren't even trying to actually determine this.

Re:Too flimsy

[Bryansix]

Maybe you missed the part where they framed the printer? The point is they just connected to a tracker but in real life what is more likely is that the guy in the dorm next to me is actually downloading the film that he didn't pay for but he pins it on me who wasn't involved in doing any copyright infringing at all. THAT IS THE POINT. Too many cases get brought up that are accusing the WRONG PERSON of doing the infringing.

Re:Too flimsy

[s.bots]

It only points out two things, both of which are already commonly known by almost everyone in IT.

And that's why this is relevant. Because it is not common knowledge outside the IT field, and it makes an appearance in the New York Times. The article could be more in-depth, or provide more conclusive evidence I agree, but getting the facts out there to the average (NYT reading) Joe is a good first step.

The worst part of it though is how they throw in the whole thing of "we weren't actually downloading or sharing anything". No, they were just connecting to the tracker. And of course, everyone knows "pirates" commonly connect to torrent trackers to do nothing.

True, pirates don't connect to a tracker to observe, but the point being made is that an entity that was only observing (not doing anything illegal or warranting a takedown notice) is being pinned as a pirate.

Re:Big surprise!

[Anonymous Coward]

Please don't confuse an RIAA investigation with a police investigation. The RIAA are not the police (yet....)

Re:Big surprise!

[d34thm0nk3y]

If I go outside every night wearing overalls covered in blood stains, dig holes in my front yard, and bury body sized bundles wrapped in garbage bags every night for a couple of weeks, I'll probably be investigated for murder.

You would be investigated, but if the only evidence presented at the case was the odd behavior you would be found not-guilty. The MPAA/RIAA use the odd behavior as not only the probable cause to investigate but also as the evidence to prosecute.

Re:has the mafiaa ever fought an IT guy?YES

[TheGratefulNet]

what logs are you referring to?

'home users' (even clueful ones) often don't keep 'logs' of AP activity. or, they simply roll-over and over-write log data, like a circular buffered log would do.

I keep intrusion logs from my firewall but that doesn't log ALL activity, just break-in attempts. and if you run an open AP that is outside your firewall (as is prudent to do) then there is no NEED to keep a log on that - its 'open' afterall. and if they want to get into your private LAN they need to jump thru your firewall just like any other traffic from the WAN would.

I have no logs other than simple unix syslogs (on my unix boxes) and some firewall logs intermixed (remote syslog). I would hope that simply NOT having 'logged all data' would not be held against me (?). home network users should not be held to ISP level logging and accounting standards.

my defense would be to compel THEM to show definitive data and not just that torrent was running (I could be grabbing the latest linux .iso) but that copyrighted files were being downloaded or explicitly 'shared'. I should not have to produce logs showing that there was NOT downloading. that's just absurd. the burden of proof should be on the accuser to show, without any doubt, that I participated in an 'illegal share'.

if its mandatory that home users keep detailed logs, then this is a huge jump over what expectations we have right now about 'home computer users'. I wonder if expecting home computer users to be experts (keeping detailed logs to SHOW their innocence) is reasonable in the eyes of the court?

finally, if you run a home NAT then simply saying IP of a.b.c.d is just not enough. and most users do run some kind of NAT device in their home networks. its really hard to see how a single IP could back-point (so to speak) at the device that is being NAT-mapped.

Re:Too flimsy

[bigstrat2003]

No, it's still innocent until proven guilty. The standard of proof is just different.

Re:Is this safe?

[gstoddart]

What's to prevent the RIAA from having fake "experts" volunteer to do this, only to offer easily-refuted arguments in court?

What? Conspire to subvert the legal system, and come close to perjury? I say, bring it on and let the jail terms fly.

Presumably, the EFF would vet their people, but I should think intentionally doing what you suggest might get you some kind of sanctions.

Then again, your cynicism might not be completely unfounded. Which, is a depressing thought.

Cheers

Re:Ridiculous!

[myxiplx]

This is slashdot... home of geeks... think outside the box a little, then re-read the parent post.

Re:Too flimsy

[Endo13]

You're probably right. And that could be the one good thing that comes from this.

Slashdot: accept no substitutes

[Anonymous Coward]

This entire thread is the sort of pure comedy gold that you'll never get at digg.

Now if only they could get rid of the big green splotches all over the pages.

Re:Too flimsy

[coyote-san]

I vaguely recall there being a key legal point that you have to be able to simultaneously point to one party and exclude all others. Check with a lawyer (or law school student) to be sure.

The reason is to prevent an "I was framed!" defense as much as preventing framing innocent parties. It's not unheard of for people to plant evidence of their own guilt. Discredit the planted evidence and most people will (reasonably) have a lot of doubt about the rest of it.

Easier Way to Frame someone

[Thergrim]

A much easier way to frame someone for infringement. You will need; -the IP address of the target -a copy of what an infringement letter looks like (find them on the Internet) -software to alter or create a fake infringement letter Using the target's IP address, look up their ISP's snailmail address. Fake up your Infringement letter. Mail it to the ISP. Do this 3 to 5 times and your target will get booted from their ISP. ISP's do not check the validity of these letters.

Re:Too flimsy

[jimicus]

[sarcasm]Yes, of course I missed the part about the printer.[/sarcasm]

What I did miss was their explanation in the article on exactly what they did to get the printer implicated.

Clue: It's in the paper the article references.

Re:Too flimsy

[networkBoy]

What is your defense was that you actually monitor *tons* of trackers, looking for say popularity spikes/curves/what have you; and when they try to bulldog you you produce the data of your analysis:
I.e. linux distro trackers surge in the hours following a release, the curves for TV shows, movies, games, books, whatever.
So long as you don't claim you didn't download anything you have committed an error of omission, not a factual lie (IANAL), assuming you did download the torrent in question. However, so long as you didn't download that particular item you could in-fact claim you did not.

Might even be helpful to release an oss tool that simply connects to trackers and compiles this kind of data, if enough people ran it (distributed ap?) you could vastly increase the noise level.
-nB

Re:You're on to something there

[Anonymous Coward]

Great idea.. now to just find a list of the home addresses of Federal judges, and their internet providers.. and some fsking way to figure out their IP addresses... and then.. we wait.

Subtlety is not required - brute force it

[Weaselmancer]

An interested party could figure out a judge's address. And when you've got that then you'd know who their potential local providers are. And once you know those you know the range of possible IP addresses. And once you've got that - brute force. Ping everyone. Any return ping gets a spoofed false positive. Or if you're of the 'nuke it from orbit' mindset, false positive the whole subnet.

Piece of cake. If someone were so inclined, that is. Not that I'd advocate anyone ever doing this, of course. Oh heavens, no.

Re:Too flimsy...not really

[Anonymous Coward]

You were thinking that 3% was a low number? 3% of "tens of thousands" is hundreds of people. Not to mention, how are you measuring false positives? How do you know the people you're assuming are guilty actually are?

This just in

[greymond]

Apparently IP spoofing still works.

There. I just saved you 7 pages of walled text.

Re:Is this safe?

[Original Replica]

They don't need "fake" experts they just need "real" experts that emphasis points that they want heard and minimize points they don't. In an adversarial legal system each side does this; it's up to the jury to decide which expert is full of it.

Your point makes me wonder if in this day and age we don't need non-biased experts in the same way we need non-biased jurors. I would propose that each court district should have and online listing of which experts are needed, and volunteering to fill that need would fulfill one's jury service obligations.