RIAA's 'Expert' Witness Testimony Now Online
NewYorkCountryLawyer writes "The online community now has an opportunity to see the fruits of its labor. Back in December, the Slashdot ('What Questions Would You Ask an RIAA Expert?') and Groklaw ('Another Lawyer Would Like to Pick Your Brain, Please') communities were asked for their input on possible questions to pose to the RIAA's 'expert'. Dr. Doug Jacobson of Iowa State University was scheduled to be deposed in February in UMG v. Lindor, for the first time in any RIAA case. Ms. Lindor's lawyers were flooded with about 1400 responses. The deposition of Dr. Jacobson went forward on February 23, 2007, and the transcript is now available online (pdf) (ascii). Ray Beckerman, one of Ms. Lindor's attorneys, had this comment: 'We are deeply grateful to the community for reviewing our request, for giving us thoughts and ideas, and for reviewing other readers' responses. Now I ask the tech community to review this all-important transcript, and bear witness to the shoddy investigation and junk science upon which the RIAA has based its litigation war against the people. The computer scientists among you will be astounded that the RIAA has been permitted to burden our court system with cases based upon such arrant and careless nonsense.'"
Respect (Score:5, Interesting)
I've seen you take a lot of flak for your efforts to keep us all abreast of the proceedings, of issues that should concern us all.
And it's nice to see that the community could have been of help.
All the best.
OT Computer Engineers (Score:2, Interesting)
About the only ones I can think of are in control systems, particularly where a failure could cause loss of life or serious injury. The computers that control an automobile engine and brakes come to mind. "Secondary" systems which provide life-saving information, such as computers in aircraft-control towers, might also require a PE's blessing, but this seems like a stretch.
Are there any software engineers out there who have to have a PE for their current or past SW Engineering job? What job required the PE?
Memo to Cowboyneal: Add a messaging system to
Re:One quick thought about licensure (Score:5, Interesting)
It's fine to give a professor the benefit of the doubt when you attend his/her lecture. Doing so in a courtroom seems an act of extreme naivety.
Re:One quick thought about licensure (Score:5, Interesting)
Way off-topic, but programming desperately needs the kind of accountability and professionalism that 'real' engineering has. We're around where engineering was 100 years ago just now, with a hundred different screw threads and steam engines which explode in your face. 'Software engineering' may be an academic discipline, but 'professional' (in their execution) software engineers are few and far between and professionally engineered software is rarer still. The lawyer is making a valid point.
Before you ask, I am a professional (it's my job) programmer. I'd love to be an engineer. I'd love to work somewhere where those kinds of standards were applied. I'd get a CS degree (mine is in Physics), but those programmers I've worked with who have CS degrees don't seem much more engineer-like in their application than those without. Too much hacking, not enough engineering. Perhaps civil engineers would be the same if every bridge had "this bridge comes with no warranty, either express or implied" written into the contract.
Re:One quick thought about licensure (Score:4, Interesting)
Re:One quick thought about licensure (Score:3, Interesting)
Re:One quick thought about licensure (Score:4, Interesting)
What is more important and shocking is the unprofessionalism of his voodoo science.
If this witness (a) lacked appropriate professional credentials, (b) lacked appropriate expert witness credentials, and (c) had a major conflict of interest, but nevertheless had a convincing and reliable scientific basis for his conclusions, then he would present a formidable obstacle.
As it turns out, his "method" -- if you want to call it that -- will be laughed out of any courtroom.
PE software engineers (Score:3, Interesting)
So would a PE software engineer lose his license if he made software with numerous bugs? Can software engineers really be held to the same level of accountability as structural engineers? I thought it was near on impossible to write error free software these days. What criteria would you use for standards?
and there goes Internet radio (Score:3, Interesting)
Damn (Score:3, Interesting)
I'm very sorry to see he's come to this.
IP Addresses (Score:2, Interesting)
Re:Some "expert"! (Score:5, Interesting)
I'll go you even one better, they don't even know if the index of song files in the screen shot was on one computer, or represented bits and pieces from a number of different computers (nodes, in KaZaA parlance).
What a joke (Score:3, Interesting)
1. Doesn't verify his sources. Beckerman's point about "are mediasomething's and Verizon's clocks synchronised" is a good one, especially when you consider his point about the nature of IP addresses; at the very least he should have requested the lease time of that IP (so when did the subscriber start using the IP and for how long) to verify that the information had a chance of being correct.
2. No set method. The lack of reports and the fact he never made printouts suggests he doesn't have a set method of investigating, which personally would make me question his investigation techniques. This results in a whole list of problems:
2a. Means no evidence supporting the defendant was kept; in effect he's not impartial, and it also hurts the defense.
2b. Suggests he makes it up as he goes along, a "what seems a good idea at the time"; as you can clearly see, he's missed out on some issues which are important, like confirming the MAC address of the machine and its method of connecting to the internet.
3. Deliberate attempts to twist what he's saying or not sticking to the question. An example would be towards the end where he starts talking about IPv4 and finishes with IPv6. I don't know how either works exactly but he should have talked about both separately; the use of both at once means he could be deliberately hiding stuff. When was IPv6 rolled out anyway? Another example would be his linking IP addresses directly to a PC, no matter how many times Beckerman tried to get him to admit that when accessed through a router the IP address given to the outside world is the router's, not the individual PC's.
4. Lack of actual investigation. Now I'm not sure what he was exactly hired to do, but by the looks of it RIAA hired him to prove and be a witness to say that a person used Kazaa to download and share music. He's not done that. He's investigated the drive he was sent and found no traces of Kazaa on it, or any MP3s (I think he indirectly said this), rather than investigate possible explanations for this: for example, did the person own two PCs, did they connect to the internet through a router, could this router have been compromised (perhaps unsecured); perhaps then look for security vulnerabilities to see if it was a zombie machine, or for other security problems. Then if he couldn't prove any of that, attempt to verify that mediashare's information was correct, check it and check Verizon's, and then attempt to corroborate that information somehow, for example attempt to obtain the MAC address from the hard drive and from mediashare's packet information, in other words to link them up. Otherwise all he can actually claim is that "The PC in question when inspected did not have the Kazaa program on it at any time, nor does it appear to have or have had the media files that mediasomething accuse the computer of having". His conclusions from his investigation lack any form of impartiality and it appears that he was unwilling to give any real unbiased opinion.
Personally, after reading that deposition I would seriously call into question his credibility as an expert or even as a witness. I'm sure better people than I could take apart his deposition; it's 3am here and I'm tired, but those are the things that come to my mind at least.
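The lease-time and clock-synchronisation check raised in point 1 of the comment above, sketched as an added example that is not part of the original post. The lease log, subscriber labels, addresses and time zones are constructed; nothing here comes from the case record.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
EST = timezone(timedelta(hours=-5))  # observer's local zone in this constructed case

def utc(h, m, s=0):
    """Helper for the constructed sample data: a time on 2007-01-10, UTC."""
    return datetime(2007, 1, 10, h, m, s, tzinfo=UTC)

# Constructed ISP lease log: (ip, subscriber, lease_start, lease_end).
# 203.0.113.0/24 is a documentation range; the subscribers are hypothetical.
LEASES = [
    ("203.0.113.7", "subscriber-A", utc(8, 0), utc(14, 0)),
    ("203.0.113.7", "subscriber-B", utc(14, 0, 30), utc(20, 0)),
    ("203.0.113.8", "subscriber-C", utc(0, 0), utc(23, 59)),
]

def attribute(leases, ip, observed_at, max_skew):
    """Classify an (ip, timestamp) observation against the lease log.

    max_skew is the largest plausible disagreement between the observer's
    clock and the ISP's clock. Returns (verdict, subscribers).
    """
    if observed_at.tzinfo is None:
        raise ValueError("timestamp has no time zone; cannot compare clocks")
    lo, hi = observed_at - max_skew, observed_at + max_skew
    # Every lease on this IP that touches the uncertainty window at all.
    overlapping = [(sub, start, end) for lip, sub, start, end in leases
                   if lip == ip and start <= hi and end >= lo]
    subs = sorted({sub for sub, _, _ in overlapping})
    if not subs:
        return "no-match", subs
    # Unambiguous only if one lease spans the whole window.
    covered = any(start <= lo and hi <= end for _, start, end in overlapping)
    if len(subs) == 1 and covered:
        return "unambiguous", subs
    return "ambiguous", subs

if __name__ == "__main__":
    seen = datetime(2007, 1, 10, 8, 59, tzinfo=EST)  # 13:59 UTC
    for skew in (timedelta(0), timedelta(minutes=2)):
        print(skew, attribute(LEASES, "203.0.113.7", seen, skew))
```

With perfectly synchronised clocks the observation maps to one subscriber; allowing two minutes of skew makes the same observation span a lease change and match two.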
Objection, your honor! (Score:5, Interesting)
A few unhelpful observations.
This is my first real-life encounter with a deposition, and I've gotta say it's quite fascinating. I like how the opposing lawyer relentlessly objects to nearly every single question. And how Mr. Beckerman's first goal seems to be to show that the "expert" has a financial interest in what he's been claiming, coupled with that expert's bizarre claims that he doesn't have the foggiest idea about the commercial reality surrounding his work. For example:
I'm not sure how you can have "no idea" whether the RIAA is pleased, furious, or otherwise about the fact that your company is creating anti-P2P products, while being simultaneously "sure" that your company is referring to the RIAA in its press releases to help sell its products.
This is funny, too:
Re:This testimony fails a basic test for evidence (Score:4, Interesting)
Re:Some "expert"! (Score:5, Interesting)
While you may be right that the alleged KaZaa packets would support that idea, the main problem is that the RIAA expert has *no* way to verify any of his claims.
-He failed to document his forensics- which he believes is not necessary and any other professional would consider "OK". (Riiiight).
-He claims to be an expert on MediaSentry, but doesn't know enough about the program to discuss potential bugs, the way it works, whether or not it has the ability to be wrong, etc.
-He tries to claim that the evidence proves his case, admits any screenshot can be manipulated, and proceeds to describe how it proves it.
-He admits the forensics, on the entire drive, found *nothing* that would suggest that there were illicit files, much less KaZaa.
-He admits that there was no verification that what Verizon produced was true.
His testimony is full of holes...
Well... if NewYorkCountryLawyer reads this... (Score:4, Interesting)
When a user gets on Kazaa, the Kazaa network perpetuates that External IP address through their network. Your external_IP is linked to your kazaa_username. Now, when people search and get your kazaa_username, they hit that IP address. All is fine and good... until you are knocked off of DSL or your dhcp timer is up.
Then, you reconnect using a new external_IP. Now, you have many users on Kazaa that know your username goes to either your old IP or your new IP.
The network trashing occurs to the person who inhabits your OLD external_IP. You see a LOT of bandwidth from users and Kazaa network towards your new IP address. We had a 768/384 Kb connection, and 200 Kb was eaten up with garbage from Kazaa from the previous IP inhabitant. This number of garbage connections approaches 0Kb, but never meets it.
Perhaps they detected a residual connection like that.
NAT discussion wasn't thorough enough (Score:3, Interesting)
This should have been the killer point. It completely trashes the expert's claim of expertness on the protocol. However, the wording was just too confusing for most people to really understand. I'm not a lawyer so I'm not quite sure what could have been done better, but if possible I certainly wouldn't leave it like this.
In fact, I'd be surprised if Kazaa would operate at all behind NAT if it couldn't determine its public IP address (although I admit that I don't know why the IP address is there if not to tell other nodes how to route replies). A good question would have been "Have you ever seen anything other than a public IP address in a Kazaa packet?"
If there is another opportunity it would be a good idea to nail this point home. Really, if the expert can't understand how a p2p program defeats NAT by discovering its public IP address, then he isn't much of an expert. And if you show that having the public IP in the Kazaa packet does *not* mean it was installed on the computer containing the NIC assigned the address, then really they have no information at all...
Re:Quick question (Score:3, Interesting)
The reason the router still thinks it's an obsolete iMac is that having the router continue that charade is easier than getting Comcast to recognize a new MAC address, which is needed because my MAC is how they determine I'm not a Comcast customer, but an Earthlink customer via Comcast 'last mile' (so I get connected to an Earthlink IP not Comcast).
--Tomas
Re:Pretentious? Hardly. Never took Latin? (Score:3, Interesting)
Philosophy at many schools no longer involves an intensive study of Latin. You read Plato in English translation, and do the best you can to avoid looking too deeply into what 'a priori' really means when you reach Kant. As for the law, law students don't have to learn to analyze Latin, they memorize a half dozen turns of phrase that they use a lot. "inter alia", "infra", "supra", "stare decisis", etc.
Intellectualism is dead.
-GiH
Yeah, first I was a programmer, then I was a philosopher. Now I'm in law school.
Re:One quick thought about licensure (Score:2, Interesting)
Every so often somebody suggests that there should be some test to make somebody a Professional Software Engineer, but nobody knows how to make one. The process for engineering an embedded system for a medical device is completely different from the process for engineering a bank's financial system. For example, security is a prime consideration for a financial system, but an unknown concept in the world of pacemakers and engine control units. Besides, the world of software engineering completely changes every few years (would you be interested in passing a test that still requires you to know about flow charts?), and nobody has yet to figure out the best way to DO software engineering.
dom
Re:Just an off-topic question to Slashdotters (Score:3, Interesting)
The hatred for the RIAA here is well-established. Out of genuine curiosity, what do Slashdotters think artists and others who work in the music industry should do to protect themselves from piracy?
First off let us be clear...it is not the artists who are hurt by filesharing....it is the music publishers. The 99% of artists who have not been signed to a profitable music industry contract stand to lose nothing by the free sharing of their music.
Re:NAT discussion wasn't thorough enough (Score:3, Interesting)
(For the record: I don't know Kazaa... I know Gnutella)
P2P programs work fine behind a firewall/NAT, without public IP addresses, and without forwarded ports. The ONLY problem is when BOTH nodes are behind a firewall/NAT. And even there, there is a workaround that can be employed with the use of a 3rd party that doesn't block incoming connections (though I haven't heard of any P2P protocols currently using this method in the wild).
To connect to the P2P network, your computer connects out to other hosts which aren't blocking incoming connections. Once you have, you can receive messages from anyone on the network, as the message will propagate (broadcast) through the network, and be ignored by every host but yours (based on a generated unique ID, nothing to do with IP address). In fact, at this point, you have no idea what the IP address of any node, except the few you are directly connected to, is.
If you can accept inbound connections, and want a file on a host that does not accept inbound connections, you broadcast a "push request" over the P2P network. When the proper node receives it, it makes an outbound connection to YOUR IP address, and then starts transferring.
The point of all this being, you can share files, without accepting inbound connections. You can download files from others without accepting inbound connections. And you can participate in the P2P network (communications, searches, etc) and all of the above, without your P2P program knowing your public IP address.
The answer would be: "Yes, all the time."
That said, there is still plenty of reason to believe an IP address in a Kazaa packet could have been forged.
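The connection logic described in the comment above, as a toy model; this is an added example, not part of the original post and not Gnutella or Kazaa code. Node names, GUID strings and addresses are constructed, and query hits and push requests are reduced to a lookup over the overlay.

```python
from collections import deque

class Node:
    def __init__(self, name, public_ip, accepts_inbound, files=()):
        self.name = name
        self.public_ip = public_ip      # what the outside world sees (the NAT's address, if any)
        self.accepts_inbound = accepts_inbound
        self.guid = "guid-" + name      # stands in for the generated unique ID
        self.files = set(files)
        self.neighbors = []             # overlay links (open connections)
        self.seen_ips = set()           # addresses learned from direct connections only

def tcp_connect(src, dst):
    """src dials dst; fails when dst is behind a firewall/NAT with no forwarding."""
    if not dst.accepts_inbound:
        return False
    src.seen_ips.add(dst.public_ip)
    dst.seen_ips.add(src.public_ip)
    return True

def join(node, entry):
    """Join the overlay by dialing out to a reachable host."""
    ok = tcp_connect(node, entry)
    if ok:
        node.neighbors.append(entry)
        entry.neighbors.append(node)
    return ok

def route_by_guid(origin, guid):
    """Flood a message over overlay links; only the node owning guid acts on it."""
    seen, queue = {origin}, deque([origin])
    while queue:
        node = queue.popleft()
        if node is not origin and node.guid == guid:
            return node
        for peer in node.neighbors:
            if peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return None

def fetch(requester, owner_guid, filename):
    """Return how the transfer connection is set up, or why it cannot be."""
    owner = route_by_guid(requester, owner_guid)
    if owner is None or filename not in owner.files:
        return "not-found"
    if tcp_connect(requester, owner):
        return "direct"                 # requester dials the sharer
    if tcp_connect(owner, requester):
        return "push"                   # sharer dials out after the push request
    return "blocked"                    # both sides refuse inbound, no third party

def build_network():
    """Constructed topology: a reachable hub and peer, plus two NATed peers."""
    hub = Node("hub", "198.51.100.1", True)
    bob = Node("bob", "198.51.100.2", True)
    alice = Node("alice", "203.0.113.7", False, files={"song.mp3"})
    carol = Node("carol", "203.0.113.50", False)
    for n in (bob, alice, carol):
        join(n, hub)
    return hub, bob, alice, carol
```

In the push case the only address the downloader ever records for the sharer is the one on the far side of its NAT, which every machine behind that device presents identically.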
Re:One quick thought about licensure (Score:4, Interesting)
As to the economics side of the discussion: Most of the litigation settlements are $4500. Some people don't have the money. Some people are completely innocent. Almost no one can afford what it costs to defend a case brought by the RIAA, because the RIAA handles the cases in a way calculated to maximize the costs.
As to the human side, my guess is that a person like you -- who is probably on the high end of being able to weather something like this -- would find it pretty major. If you were totally innocent of copyright infringement which would you rather do -- pay $4500 in extortion money, or pay a fortune in legal fees to vindicate yourself. My guess is that either of those would leave you pretty unhappy. There are many, many people who are totally distraught over being put in these positions, and having to make impossible choices: (a) pay money I can't afford for something I didn't do; (b) turn in my child so they can sue him or her; (c) turn in my nephew or a neighbor's kid, so he can be sued; (d) incur an open-ended expense fighting the case; (e) file bankruptcy, even though it's for a "debt" I don't owe.
Also many people are afraid they or their children are going to jail.
And none of the settlements are true settlements: they require an admission of guilt; they leave you open to further lawsuits; and they require you, for the rest of your natural life, to refrain from doing many things which are NOT copyright infringements.
Re:Acts of civil disobedience-evidence generation? (Score:3, Interesting)
Re:Some "expert"! (Score:3, Interesting)
Exactly. They have no proof who was using the computer or even what computer it was.
Even better is if they did prove it was the computer. They would have just proven it wasn't running KaZaA. Let me explain;
1 they took an image of the hard drive
2 they did an analysis and said it is not the one they caught with media sentry
3 they have proof of the owner of the account through ISP records
4 the machine was using dial-up.
Correct me if I'm missing something. I remember in dial-up days the dialer was made to "Login" to the ISP using the subscriber information.
5 Did they check if this machine is registered to the account owner? If so, where is KaZaA?
They have all the proof the drive supplied may belong to the ISP account holder simply by the fact (yet to be proven) that it does login under the subscriber's account.
I dare them to prove the supplied hard drive is not the account owner's by showing its dialer settings. I bet the RIAA is avoiding this step because they already know the answer. They did in fact get an image of the drive and are avoiding admitting errors in the investigation that will hurt all the other cases. They have to win, even if it means omission of the possible fact that the supplied drive is the defendant's.
6 The only other hole in the above is if a raid reveals several machines at the home using the same dial-up account. Ssshhh. Don't pass this on to the RIAA lawyer.
6a A raid may even not turn up anything. Every once in a while a family will split the cost of an account to extended family members such as parents or siblings. Unless they can capture not only the IP address, but the dial up number used for the connection to get a tight case against a dial up subscriber.
A few thoughts from an IT geek (Score:3, Interesting)
1. There seemed to be an assumption that the only type of wireless access point in use must be a router or NAT device. There is no basis for that assumption. A wireless access point need not act as a router or as a NAT device. It could merely change wireline Ethernet to 802.11 physical layers. In that way, an "unauthorized" wireless connection could get the DHCP address provided directly by the ISP, and connect with that IP.
2. I'm not sure how far down the distinction I would go with the cable modem vs. DSL argument. In some cases, connection via DSL requires PPP tunneling software install/configuration on the actual computer. That argument could actually more closely tie the defendant's computer to the records captured. That can be circumvented by configuring the PPP tunnel on a router/firewall/NAT device, allowing the computer to be left unmolested. However, on general principles, Verizon also offers a cellular modem option for connecting to the Internet. That's at least 3 "broadband" methods of connecting.
3. I really appreciated the thrust of the questions that looked to establish if there was any evidence that directly tied the actions of the defendant as an individual person, to the actual act of file sharing from that IP address. Can those questions be repeated for "yes or no" answers in court? Could the RIAA shift their argument to suggest that the defendant, as "owner" of that Internet connection is responsible for the use of that connection? I believe that holds for companies and corporations does it also for individuals?
4. My goodness, the "clarification" questions from the expert's lawyer (RIAA/Plaintiff's lawyer?) were entertaining. There are industry recognized certifications for computer security and forensics personnel. GIAC comes to mind. Perhaps they have some documented standards of forensics that might be appropriate for refuting this "expert's" claims that his methods were reasonable and would be accepted by other professionals in the industry. Just from talking to the IT Security department within my own company I get the impression they'd document their investigation of a single virus on one computer more carefully than this guy did with a legal case.
All of that said, I'd like to pass on a big THANK YOU to NewYorkCountryLawyer and the other lawyers involved for the defendant for actually fighting this one. I have this dream that the defendant winning a lawsuit like this will open the floodgates and pave the way for not only ending this tactic, but to provide the fodder for a slew of suits against the RIAA that eventually bankrupts the cartel and serves notice to the MPAA, etc. that this kind of crap just won't fly, and DRM will suddenly go away, and the heavens will open, and...OK, but a guy can dream, can't he?