
globus9991

join:2004-11-14
Argelia

1 recommendation

CIPPIC is watching DSLReports

I just received a short e-mail from David Fewer (the director of CIPPIC) regarding this Troll menace we all face and how to counter it: "I assure you, we are keen readers of dslreports."

They do watch these threads and the ideas posted in them. WOOHOO!!!

So I guess if you have an idea, post it here. Or even better, keep it under wraps and e-mail it to CIPPIC. No sense in providing ammunition to the enemy.



TwiztedZero
Nine Zero Burp Nine Six
Premium
join:2011-03-31
Toronto, ON
kudos:5

The whole world is watching, mate. And that's a good thing! The more that know about these speculative invoicing schemes the better.

Now y'all technically savvy people just have to pass on the warnings and educate people around you who would otherwise be unaware of the impending threats these evil doods like the voltagetrolls present against you and your families and your collective wallets (which is what they're really after).

Stow your tinfoil hats, and spread the word. Don't worry about the legal strategies; that stuff gets dealt with behind closed doors, and those who are on the bleeding edge of this know what they're doing. Meanwhile the rest of us should be absorbing every little thing we can learn to deal with this issue and passing on what we know.

Fight the good fight! Take it out to the world!
--
IF TREE = FALL AND PEOPLE = ZERO THEN SOUND = 0
Nine.Zero.Burp.Nine.Six
Twitter = Twizted
Chat = irc.teksavvy.ca


JMJimmy

join:2008-07-23
Reviews:
·TekSavvy DSL

3 edits

3 recommendations

reply to globus9991

Re: CIPPIC is watching DSLReports

Summary of ideas:

Reasons why IPs could be invalid
- IP Spoofing
- Malware
- TSI itself has been having issues correlating the data

Reasons why the case, or parts of it, could be invalid
- Voltage only has foreign sales rights on many of the titles which does not translate to being the author of a work nor possessing standing to sue in Canada
- a determination of whether copying a P2P avi/mkv/etc file constitutes copying a DVD or Bluray copy. If you download an ISO/VOB files it's clear, however, avi files are of a different quality/standard and may be unique. Such a distinction is made between theatrical and physical sales and the industry itself makes a distinction between "digital copy" and physical copies.
- A determination of whether November 7th amendments to the law can be used to gather defendant information prior to the enactment of those laws.

Reasons why the "evidence" could be invalid
- GuardaLey Observer has been invalidated by other courts upon the results of an independent review
- No evidence that Canipre are trained in the use of or certified experts of the operation of GuardaLey Observer 1.2
- No audit of Canipre's systems has been performed to determine the authenticity of their claims nor their capabilities to carry out such an investigation (ie: downloading and verifying 100% of ~1.5tb of data, ~145 days' worth of video, in under 60 days... all claimed to be done by a single person if I remember correctly. Also, subpoena their data usage records for the period to determine if they even downloaded anything)

Reasons why affidavit could be invalid
- Canipre is not a licensed investigator in Ontario
- Logan may not be a licensed investigator in Ontario
- States information gathered by staff as first hand or "we"
- Canipre has a financial gain to identifying as many people as possible
- Contains statements which contradict the first section of this post which is basic knowledge when working on forensic collection of IP addresses. This shows an intent to mislead the court or improper knowledge to perform the investigation

Reasons that, even if all else is valid, do not constitute proof of individual infringement
- An IP does not represent an individual or computer, merely a termination point where local networking takes place.
- All arguments pertaining to why ISPs are not liable for infringement can apply to any network operator.
- Muzak supra (ie: no express authorization)

Reasons why uploading could be valid
- A user rarely uploads 100% of a file to a single user in P2P and GuardaLey Observer 1.2 is not designed to download 100% of the file
- By operating a honeypot the copyright holder authorized the copy of parts of the file, as a technological limitation of P2P users cannot choose which parts they upload while copying the authorized 50%. Nor can they tell which parts a given user has
- By operating a P2P client the user only authorizes legal uses of sharing of a file, they do not authorize illegal ones. I cannot tell if the persons I am sharing with are protected under Canadian (or local) copyright laws, downloading a fair use copy, or an illegal copy

Limitations that could be placed on the judgment
- Because there is no way to track who shared what pieces with any given individual the peers that constitute the pieces of a full download (100% of the pieces, no honeypotting) constitute a single infringement with multiple defendants not multiple infringements.

Did I miss anything?



HiVolt
Premium
join:2000-12-28
Toronto, ON
kudos:21
Reviews:
·TekSavvy DSL
·TekSavvy Cable

1 recommendation

Very good summary of points, all valid IMO.

One thing which has been discussed many many times, is that identifying an IP does not mean identifying the person themselves.

Non-secured or poorly secured (WEP) WiFi is of course the easiest way a nogooder can steal someone's internet connection to perform illegal activity.

How many times have we read on these forums stories like "my internet is down, but thank god for my neighbour's open wifi".

Stupidity or non-awareness does not make you guilty. There isn't a law that you have to have your home internet connection secured to the highest available standards. For the same reason if you forget to lock your house or your car, it does not give another person the right to steal from you.
--


JMJimmy

join:2008-07-23

HiVolt: added. Also, excellent analogy with the door... there is a reason why it's "breaking and entering" (ie: breaking the seal on the door/window/etc = 1 crime, crossing the threshold = 2nd crime)



hm

@videotron.ca
reply to HiVolt

said by HiVolt:

How many times have we read on these forums stories like "my internet is down, but thank god for my neighbour's open wifi".

Stupidity or non-awareness does not make you guilty.

1. Someone should do a site search for this and paste everything they find over 3 years. There are indeed many like this. Good thought hivolt.

2. Stupidity hmm... not sure. The family owning the spoofed IP used by Pierre Poutine didn't get tangled up in the case. They were let off for being ignorant to it.

However I do believe there is a threshold the court could/would use. That is, "is this reasonably expected of the entire population".

Not having an antivirus could be seen as being both stupid and unreasonable. But it doesn't protect you from being spoofed anyhow. Way-back-when after I went into a target's exploited machine I used to update people's Norton anti-virus for them.

Stupidity and ignorance is no excuse. But, they let this fly with the spoofed IP in the Pierre Poutine case...

globus9991

join:2004-11-14
Argelia

1 recommendation

reply to globus9991

One of the things that bothers me (and that has been somewhat posted before) is that almost all movies shared on the net are technically Data Container Formats (see »en.wikipedia.org/wiki/Media_container for a crude explanation).

Typically (but not always - rare occurrence) a Data Container Format has the following components (oversimplified, of course):

1 - Header
2 - Data Streams (interleaved)
3 - Index

Typically (but not always - a rare occurrence) the data in the Data Streams cannot be understood without the Header and the Index.

Said Header and Index are physically located at the beginning and end of said Data Container, this is, at the beginning and end of a movie file.

The bittorrent process segments files into hundreds to thousands of "chunks". This means, that for a given movie, most of these chunks will be simply Data Streams.

Now, in a movie, a Data Stream is meaningless without the Header and the Index which indicates how to "play" the movie (i.e. how to execute the interleaved data streams by indicating how to de-compress them and their location in the Data Stream).

This is, if I share a chunk containing a piece of a Data Stream, that data or information *cannot* be construed as a part of a copyrighted work. Why? Simple: it is indistinguishable from garbage.

How do we recognize a "part" or "portion" of a copyrighted work? By looking at its similarities with the work. By getting a portion of the information available in the work. Does this happen with Data Stream chunks? NO.

Given "chunks" can one view a portion of the movie? NO.
Given "chunks" can one listen to a portion of the sound track? NO
Given "chunks" can one extract snapshots or pictures of the movie? NO

In other words, I could potentially download all of the movie but without the Header and the Index and STILL have garbage in my HDD.

So, if a chunk is totally and utterly unrecognizable from any part of the copyrighted work without the Header and the Index, what exactly are people "sharing"??? Basically garbage, NOT the copyrighted work.

So, a copyright holder would have to prove that you are uploading *the entire movie*, particularly the Header and the Index for it to be in a state of copyright infringement. Since without the Header and the Index, the file cannot be de-compressed dynamically and converted into a watchable movie.

This is not what Voltage claimed in their papers. Granted, they are *very* technically confusing indeed, but the most likely interpretation is that they got a few chunks from some people, checked their hashes, assembled 1 movie and viewed the movie against an original.

I cannot read their papers as them downloading 2300 full movies from all involved IPs and then comparing each of the 2300 movies against an original sample.

So, technically, they are claiming copyright infringement based on people uploading garbage!


globus9991

join:2004-11-14
Argelia
reply to globus9991

Then, we have the issue of "fair use". Typically "fair use" is considered 10% of the work.
If somebody was uploading part of the movie, even if the Judge disagrees with my previous "chunk" argument, the claimant would still have to prove that a given IP was uploading *more* than what's considered "fair use". Canipre did not do this.
But, let's go a step further.
Let's say that person A uploads 10% of a movie (which is fair use). Then person B uploads a *different* 10% of a movie (which is also fair use) and so on. I get the chunks from A, B, C, etc and assemble them in my computer. Am I in breach of copyright?
Well an argument can be placed forward that I am not.


JMJimmy

join:2008-07-23
Reviews:
·TekSavvy DSL
reply to globus9991

Claiming infringement based on garbage, but not only that GuardaLey Observer doesn't actually download anything. It just collects IPs from the swarm and records that it received chunks even if no chunks were sent. See the independent review of the software (»www.scribd.com/doc/62983561/Ipoque-Rev)

Edit: Re: Fair use... you can still upload 100% and have it be used for fair use. Let's say John Doe teacher wants to use a clip from a film, they download it from me, cut out the clip they need, use it and delete the rest.
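
Added example (not part of any post in this thread, and not GuardaLey's or Canipre's code): the posts above turn on whether a logged "chunk" was actually received and checked against the torrent's hashes. The sketch below audits a constructed evidence log against per-piece SHA-1 hashes and reports which part of the container (header, stream, index) each piece overlaps. The Record layout, the 60-byte file, the 16-byte piece size and the documentation-range IPs are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed stand-in for a container file: header + interleaved streams + index.
HEADER = b"HDR" + bytes(7)          # 10 bytes
STREAMS = bytes(range(40))          # 40 bytes of "stream" data
INDEX = b"IDX" + bytes(7)           # 10 bytes
FILE = HEADER + STREAMS + INDEX     # 60 bytes total
PIECE_LEN = 16                      # toy value; real torrents use far larger pieces


@dataclass
class Record:
    """One line of a hypothetical monitoring log (layout is an assumption)."""
    ip: str
    piece_index: int
    payload: Optional[bytes]        # None: the log only asserts "piece received"


def piece_hashes(data: bytes, piece_len: int) -> List[bytes]:
    """SHA-1 of each fixed-size piece, as a torrent's metainfo stores them."""
    return [hashlib.sha1(data[i:i + piece_len]).digest()
            for i in range(0, len(data), piece_len)]


def piece_span(index: int, piece_len: int, total_len: int) -> Tuple[int, int]:
    """Byte range [start, end) covered by a piece; the last piece may be short."""
    start = index * piece_len
    return start, min(start + piece_len, total_len)


def regions(span: Tuple[int, int], header_len: int, index_start: int) -> List[str]:
    """Which container parts a byte range overlaps."""
    start, end = span
    found = []
    if start < header_len:
        found.append("header")
    if start < index_start and end > header_len:
        found.append("stream")
    if end > index_start:
        found.append("index")
    return found


def audit(records: List[Record], hashes: List[bytes], piece_len: int,
          total_len: int, header_len: int, index_start: int):
    """Classify each record by whether its claim can be checked independently."""
    out = []
    for r in records:
        if not 0 <= r.piece_index < len(hashes):
            out.append((r.ip, "invalid-index", []))
            continue
        where = regions(piece_span(r.piece_index, piece_len, total_len),
                        header_len, index_start)
        if r.payload is None:
            status = "no-payload"       # nothing retained to verify
        elif hashlib.sha1(r.payload).digest() != hashes[r.piece_index]:
            status = "hash-mismatch"    # data kept, but not the claimed piece
        else:
            status = "verified"         # data matches the torrent's piece hash
        out.append((r.ip, status, where))
    return out


# Constructed log entries; the IPs are from the RFC 5737 documentation ranges.
SAMPLE_LOG = [
    Record("192.0.2.10", 1, FILE[16:32]),
    Record("192.0.2.20", 0, None),
    Record("198.51.100.5", 3, bytes(12)),
    Record("203.0.113.7", 9, b"anything"),
]


def run_sample():
    return audit(SAMPLE_LOG, piece_hashes(FILE, PIECE_LEN), PIECE_LEN,
                 len(FILE), len(HEADER), len(HEADER) + len(STREAMS))


if __name__ == "__main__":
    for ip, status, where in run_sample():
        print(f"{ip:15} {status:14} {','.join(where) or '-'}")
```

Only a "verified" record ties a specific piece of data to a log entry; "no-payload" entries rest entirely on the collecting system's own say-so.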


globus9991

join:2004-11-14
Argelia
reply to globus9991

Then we have the issue about "who" is the *real* witness in this whole affair.
Canipre screwed up. Whatever the people of Canipre swore in the affidavit, it is irrelevant, actually, probably perjurious.

The *only* witness that matters is the "system" that Canipre has in place. Since it is this "system" that did all the work.

A person cannot declare that such-and-such movie came from such-and-such IP since it is the *system* that obtained that information.

For example, if you get a ticket for crossing a red light with a camera, you will notice that the ticket says that Joe Drone from the Municipality XYZ "believes" that you have crossed a red light on such-and-such day and time. This is correct, because the camera system IS the witness, not Joe Drone.

This is not the case here. In the affidavit, the people of Canipre are placed front and centre as the witness, which is a blatant error.

Any accused person has the right to confront its accuser. Since in this case the "accuser" is a system, the accused must be entitled to confront the accuser. Since this is not possible (we cannot subpoena Canipre's system to the bench to be interrogated), the Judge must allow to explore the quality of Canipre's system. Which is the only way to ascertain its credibility.

And herein lies the pickle.

I can pretty much bet you anything that Canipre's systems are not up to snuff.

The basis of Quality Control is that quality can only be built in, not tested in. Testing will only marginally verify that the system is doing what the system is supposed to be doing and not more or less.

So, how does one build Quality into a system? By following a Quality Process such as ISO 9000 (or equivalent). If you do not have such a process, you are SOL. Why? Simple, in a computerized system such as Canipre's, each IT and human piece are *UNIQUE* when dealing with the evidence. By unique I mean there is NOT an alternate process to collect, assemble, review, etc. the evidence. The software may be cloned, but it is still the same software.

Hence, if Canipre's so-called "evidence" is depending on a chain of processes, it is this *complete* chain that must have the required Quality. If only *one* of the processes is faulty, then the entire chain is worth zilch!

This is akin to the "chain of evidence" that police needs to maintain.

So, how is a lawyer to proceed with such a legal argument? A lawyer would have to request an "evidentiary hearing" in order to ascertain the "credibility" of the witness.

What Canipre needs to provide is substantial evidence that their "system" is in compliance with a recognizable Quality Assurance process. Fat chance!

Now, so that we are clear, when I am talking about a "system" I am not only talking about which software was used. That's a minuscule part of all of it. A system involves people following written processes and procedures that must be in place *before* and *throughout* the entire process of selecting, installing, testing and using the system.

Oversimplifying, this is what Canipre should have in place (assuming no coding was done - if there was coding,... well.. the whole thing just grows exponentially):

1 - A Quality Plan
2 - User Requirement Specifications
3 - System Requirement Specifications
4 - Design Specifications
5 - Installation Plans and Reports
6 - System Tests and Reports
7 - Training Procedures - Training Logs - Qualifications of involved personnel
8 - Recovery Disaster Plan (tested - including backup procedures)
9 - Audits (of critical software and hardware)
10 - Quality Remediation Processes and Procedures
11 - Quality Report

(this is just a sample)

I can pretty much guarantee, that NONE of this was in place. Why? Simple, it is *quite* expensive to do and to maintain. NO IT shop will do something like this unless it is extremely well funded and has an extremely strong regulatory presence. Canipre? Fat chance!

It boils down to this: The "system" that Canipre used has been used without any standard (i.e. meaningful) Quality built-in it. Hence, its "credibility" is zilch.

Note: this topic is a "niche" topic in IT. Not too many people understand ITQA. A programmer is NOT an ITQA expert by any stretch of the imagination. A Quality System is composed of people following procedures and systems performing as expected. This is far... far more than "just" releasing the code.



A Lurker
that's Ms Lurker btw
Premium
join:2007-10-27
Wellington N

I don't know enough about ITQA (my background is mfg QA/QS/QMS), however, the collection software should have some type of verification testing done. ie. someone should have specifically tried to fool the system with a spoofed IP. When building a piece of manufacturing and/or assembly equipment it's not unusual to try and make a bad part on purpose. This allows you to prove to everyone involved that you can't pass a discrepant part (or to make adjustments to get there).

The problem here is that Canipre wouldn't necessarily want to show holes in their system. In a good manufacturing system 'problems are good' since if you don't define the problem you can't fix it. It is however unlikely that they would want to do any testing that showed less than 100% accuracy. If it gets to the court case level someone would have to verify the accuracy of the system.


globus9991

join:2004-11-14
Argelia

3 edits

said by A Lurker:

I don't know enough about ITQA (my background is mfg QA/QS/QMS), however, the collection software should have some type of verification testing done. ie. someone should have specifically tried to fool the system with a spoofed IP. When building a piece of manufacturing and/or assembly equipment it's not unusual to try and make a bad part on purpose. This allows you to prove to everyone involved that you can't pass a discrepant part (or to make adjustments to get there).

Yes, but false positives as well as false negatives are just a microscopic part of it all. People have the tendency to get hung up on software testing, and actually, software testing is about 20 to 30 % of an entire ITQA process. Remember, it is a *system* that is composed by many, many parts that has to work OK for the result to be credible. That system involves (typically), network components, server components, OSs, apps, AND people. ALL of them must work OK, otherwise it is garbage. That's precisely why it is SO easy to punch holes if you audit an IT system. Most people focus on software only, if even that...

said by A Lurker:

The problem here is that Canipre wouldn't necessarily want to show holes in their system. In a good manufacturing system 'problems are good' since if you don't define the problem you can't fix it. It is however unlikely that they would want to do any testing that showed less than 100% accuracy. If it gets to the court case level someone would have to verify the accuracy of the system.

That's precisely why an "evidentiary hearing" is necessary. The lawyer is basically questioning the quality of Canipre's evidence and is asking for Canipre to "pony up". But, even before that, it is possible to request access to such evidence for review.
In ITQA that's what User Requirement Specification and System Requirement Specification documents are for. One tests against them where all the functions are defined. So, you end up with only three possibilities:

1 - All the functions were tested and are 100% OK (we lose)
2 - Not all the functions were tested. We can see this by comparing the Testing against the URS and SRS (we win) since there is no evidence to show that Canipre's systems perform as expected.
3 - All the functions were tested and are not 100% OK (and Canipre went ahead anyways) then we probably win, but it depends of the criticality of the function.

Even in the likely case that Canipre does not have a sound QA system in place, could they simply lie to the Judge? Sure. However, I think it would be pretty much suicidal. Why? Because the other party will request the documentation to prove so. And believe me, you *cannot* fake that amount of info in such a short period of time.

globus9991

join:2004-11-14
Argelia
reply to JMJimmy

said by JMJimmy:

Claiming infringement based on garbage, but not only that GuardaLey Observer doesn't actually download anything. It just collects IPs from the swarm and records that it received chunks even if no chunks were sent. See the independent review of the software (»www.scribd.com/doc/62983561/Ipoque-Rev)

Yes, but don't forget that Canipre's affidavit specifically states that they did download indeed the movies. The question is, how much and which chunks from which IP.

said by JMJimmy:

Edit: Re: Fair use... you can still upload 100% and have it be used for fair use. Let's say John Doe teacher wants to use a clip from a film, they download it from me, cut out the clip they need, use it and delete the rest.

Not sure about that, does not sound right, but I could be mistaken.


TwiztedZero
Nine Zero Burp Nine Six
Premium
join:2011-03-31
Toronto, ON
kudos:5
reply to globus9991

And if today's hour long session was any indication how long do you think the Jan. 14th one will be, I got a feeling it'll be another hour all told. (This isn't a trial there is no jury). Not a whole lot of time for arguments and playing legal tennis over the matter.
--
IF TREE = FALL AND PEOPLE = ZERO THEN SOUND = 0
Nine.Zero.Burp.Nine.Six
Twitter = Twizted
Chat = irc.teksavvy.ca


globus9991

join:2004-11-14
Argelia

said by TwiztedZero:

And if today's hour long session was any indication how long do you think the Jan. 14th one will be, I got a feeling it'll be another hour all told. (This isn't a trial there is no jury). Not a whole lot of time for arguments and playing legal tennis over the matter.

Yes, hence the need for an evidentiary hearing.
But also, all this stuff can be cleverly summarized. It does not need to take 10 pages or more. Remember that today the Judge *did* read CIPPIC's letter, which was partially tech in nature and it took it into consideration.
We are just providing the ammunition. If CIPPIC goes forth, let them pick and choose.


HiVolt
Premium
join:2000-12-28
Toronto, ON
kudos:21
Reviews:
·TekSavvy DSL
·TekSavvy Cable
reply to A Lurker

said by A Lurker:

I don't know enough about ITQA (my background is mfg QA/QS/QMS), however, the collection software should have some type of verification testing done. ie. someone should have specifically tried to fool the system with a spoofed IP. When building a piece of manufacturing and/or assembly equipment it's not unusual to try and make a bad part on purpose. This allows you to prove to everyone involved that you can't pass a discrepant part (or to make adjustments to get there).

I think it has been proven in the US that an IP was manually added to the swarm that belonged to a networked HP LaserJet printer.

That in itself shows how inaccurate this shit is.
--


globus9991

join:2004-11-14
Argelia

1 recommendation

said by HiVolt:

I think it has been proven in the US that an IP was manually added to the swarm that belonged to a networked HP LaserJet printer.

I knew it! I knew it!
Machines are getting *really* intelligent!
One torrent today, the world tomorrow!!


HiVolt
Premium
join:2000-12-28
Toronto, ON
kudos:21
Reviews:
·TekSavvy DSL
·TekSavvy Cable

1 recommendation

This isn't what I was talking about, but there's an older example of these notices and laserjets, hehe

»www.eff.org/deeplinks/2008/06/la···le-crime


JMJimmy

join:2008-07-23
Reviews:
·TekSavvy DSL
reply to globus9991

said by globus9991:

said by JMJimmy:

Edit: Re: Fair use... you can still upload 100% and have it be used for fair use. Let's say John Doe teacher wants to use a clip from a film, they download it from me, cut out the clip they need, use it and delete the rest.

Not sure about that, does not sound right, but I could be mistaken.

I'm not 100% on this one either, fair use is always tricky. However, if this were not the case, how else would someone like an educator get the clip without a) purchasing the film b) breaking the digital lock rules on a rental/library copy.

bt

join:2009-02-26
canada
kudos:1

Pretty sure fair use applies to however they use it (ie: distribution to a class), and wouldn't cover any acts on the part of the source they got it from.

So in the case of your example, the teacher would be fine but your action would still be copyright infringement. I think.


JMJimmy

join:2008-07-23
Reviews:
·TekSavvy DSL

Normally I would agree, but Muzak supra applies. Using a piece of equipment (P2P Client) which is capable of infringement doesn't mean I expressly authorize the infringement. If I were to email Joe teacher a link to my file and say "here download it" that's express authorization of infringement. Being part of a swarm is a passive behaviour.



drjp81

join:2006-01-09
canada
reply to HiVolt

said by HiVolt:

Very good summary of points, all valid IMO.

One thing which has been discussed many many times, is that identifying an IP does not mean identifying the person themselves.

Non-secured or poorly secured (WEP) WiFi is of course the easiest way a nogooder can steal someone's internet connection to perform illegal activity.

How many times have we read on these forums stories like "my internet is down, but thank god for my neighbour's open wifi".

Stupidity or non-awareness does not make you guilty. There isn't a law that you have to have your home internet connection secured to the highest available standards. For the same reason if you forget to lock your house or your car, it does not give another person the right to steal from you.

Also if I didn't make this clear last time, I'd like to point out that even with pretty well secured wifi, there's the good old WPS vulnerability that I'm sure affects 80-90 of the hardware owned by our friends here at DSL reports. Of course, that's if you have the original firmware...
--
Cheers!

globus9991

join:2004-11-14
Argelia

said by drjp81:

Also if I didn't make this clear last time, I'd like to point out that even with pretty well secured wifi, there's the good old WPS vulnerability that I'm sure affects 80-90 of the hardware owned by our friends here at DSL reports. Of course, that's if you have the original firmware...

I am not sure about that. I did some surveys about a year plus ago and most systems I found did not have the flaw. But this is pointless. For this info to be valid we would have to have a current study and even then I am not sure if it can be presented as evidence because it is just hearsay. I think (but not sure) that one would have to present either the author or a pro that would testify to the accuracy of the report.

morisato

join:2008-03-16
Oshawa, ON
Reviews:
·TekSavvy Cable
·TekSavvy DSL
·ELECTRONICBOX
reply to drjp81

But if you leave a loaded firearm on the front seat of your car with the windows open and someone gets killed, you're still responsible.. hence if u leave your internet open, you're responsible, law or not. At least that's the argument they would use.
--
Every time Someone leaves Sympatico an Angel gets its wings.



HiVolt
Premium
join:2000-12-28
Toronto, ON
kudos:21
Reviews:
·TekSavvy DSL
·TekSavvy Cable

said by morisato:

But if you leave a loaded firearm on the front seat of your car with the windows open and someone gets killed, you're still responsible.. hence if u leave your internet open, you're responsible, law or not. At least that's the argument they would use.

Isn't that a little different? Cause & effect?

Nobody gets killed, injured, affected directly when a file is shared...

The trolls would like everyone to believe that every shared copy is a sale lost... That's just not true.
--
F**K THE NHL. Go Blue Jays 2013!!!


cognizantt

join:2009-06-13
Montreal, QC
reply to globus9991

»www.cippic.ca/en/node/129270

CIPPIC Asks Court to Delay Hearing in Voltage v. Doe


globus9991

join:2004-11-14
Argelia

said by cognizantt:

»www.cippic.ca/en/node/129270

CIPPIC Asks Court to Delay Hearing in Voltage v. Doe

Yes, we know. That's *very* old news. It was postponed to Jan 14.

globus9991

join:2004-11-14
Argelia
reply to morisato

said by morisato:

But if you leave a loaded firearm on the front seat of your car with the windows open and someone gets killed, you're still responsible.. hence if u leave your internet open, you're responsible, law or not. At least that's the argument they would use.

I would argue that there is a huuuuuge difference. You have a statutory duty to secure your weapon. This is, by law, you must keep your weapon out of other people's hands. So, if you leave your weapon where anybody can get it, sure, you are responsible.

However, there is no law against having poorly secured or un-secured wifi. Furthermore, if somebody uses your internet connection without your permission through it, that would fall under the definition of theft.

So no. The question is not that. The question is if a judge would accept the argument. Frankly, I don't know. I guess it would have to be compelling. For example a total noob. If anyone with a modicum of tech-savvy would try it, the judge would probably not accept it.

Fuzzy285

join:2012-12-12
reply to morisato

Keiichi, if you forget your car unlocked and someone steals it and mows down an octogenarian it is still them who are committing an illegal act. Your car's main purpose is not to mow down pedestrians, just as your Internet connection's main purpose is not to commit illegal acts, so the level of "responsibility" regarding its misuse is very different from that of a firearm. That's probably why there are no laws about locking down your Internet, though they might be coming soon, what with all the hyperbole.