dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
2580
share rss forum feed

globus999

join:2008-05-15

1 edit

Copyright Lawsuits - The Pink Elephant in the room defense

I keep looking in puzzlement the development of different copyright lawsuits and keep asking myself the same question: Why is nobody using the Giant Pink Elephant in the room as defense?

What elephant you mean? Simple. All copyrights are technically based on the following (simplistic) approach:

1 - ID that the copyrighted material in question is indeed being shared

2 - ID the IPs that are sharing the material

3 - Create an affidavit and go to the judge to demand Person/Location ID for that IP

4 - Gouge the "alleged-infringer" for money.

Now, I don't know if you noticed, but steps 1 through 3 depend 100% on software. That's right! Software.

Software that is, most of the time, "proprietary" (aka hidden).

Now, if I would get sued, the first thing I would do is to submit a motion to the judge to provide me with the following information:

1 - All documentation related to the development, testing and implementation and, particularly, with the Software Quality Assurance Life Cycle of the all the software and hardware that was used to create the "IP logs".

2 - Provide with all the security protocols, processes and procedures, including infrastructure details of the IT environment where the "proprietary" software operates.

3 - All the technical and legal credentials of all the people involved in the development, testing and implementation of the "proprietary" software, with particular emphasis with their training, specifically wrt the use of said software.

That would pretty much stop them dead in the tracks. Why? Simple, an affidavit stating that so-and-so witnessed and IP being detected and that "believes" that that info is accurate is worth exactly bupkus!. In the final analysis is an IT system that is finering your IP and therefore you are fully entitled to explore the quality (i.e. accuracy and reproducibility and use) of said system. In other words, the guy signing the affidavit is signing to a hearsay, the "real" witness for the complaint is the "IT system". And, you have the right to confront the accuser, hence you have the right to review all the minute details of said "IT system".

Now, I have been doing SQA in regulated environments for over 20 years, and I can tell you without a shadow of a doubt, two things:

1 - They better have truckloads of paperwork to support their claims. And I do not mean source code listings. Source code is only a secundary considerations. I mean documentation for development, testing and implementation (e.g. SQA Procedures, SOPs, User Requirements, System Requirements, Design Specifications, Unit Specifications, Design Reviews, etc, etc, etc.).

2 - Even in the remote case that they actually have all that documentation, it will take them forever to get it and it will cost them a fortune, and, it will make them think twice of suing you. But, more importantly, even if the actually deliver such info, even through a cursory review is *SO* easy to punch holes in it that at the end of the process it will look like Swiss cheese.

In other words, by shredding the "IT system" to pieces, you just killed your only accuser.

Check mate.

PS.: obviously, as this defense is deployed, lawyers will wise up and hire SQA specialists, but for now, they are sitting ducks.

static416

join:2007-01-26
Toronto, ON
I guess you are entitled to ask for whatever you want to ask for, but that doesn't mean they have to provide it, or the judge has to agree it's relevant.

I'm aerospace software development and we go to great lengths in order to ensure that the software we produce is relatively bug-free and documented extensively. I'd argue that a similar approach is required for software used in court proceedings.

That said, I'm sure that their software is fairly well documented. Or at least documented and validated well enough to provide a 90-95% certainty that it's functioning as intended.

In any case, attacking potential weaknesses in their software development process seems like a poor tactic. They can improve that fairly easily to the point that it's no longer a weakness.

The only real way to win in this situation is to demonstrate that an IP is not a person. That should be relatively easy to do, and is a strong defence that can't be defeated once established.
--
www.LaconicReply.com - Tech/photography/rant blog

globus999

join:2008-05-15
said by static416:

I guess you are entitled to ask for whatever you want to ask for, but that doesn't mean they have to provide it, or the judge has to agree it's relevant.

As I said above, the only "real" witness is the IT System. If the judge disallows it, then I have phenomenal grounds for an appeal.

said by static416:

I'm aerospace software development and we go to great lengths in order to ensure that the software we produce is relatively bug-free and documented extensively. I'd argue that a similar approach is required for software used in court proceedings.

Yes it is, and no, I would doubt it. Any SQA process is human-intensive (yes, there are places where one can automate, but still the automation scripts need to be created by humans). Human-intensive means high costs. I just don't see any Legal Firm willing to invest 1 to 10 million dollars in such endevour, more taking into consideration that the return on lawsuit (except in US) is quite low.

said by static416:

That said, I'm sure that their software is fairly well documented. Or at least documented and validated well enough to provide a 90-95% certainty that it's functioning as intended.

There is no such thing as "well documented" and there is no such thing as 90-95% certainty that any software is "suitable for use". Why? simple. Any documentation is flawed because is developed by humans. Pareto's rule applies. You can get to an 80% quality with 20% of the budget, but to go the next 80% (that is 96%) you will need 84% of the budget. In other words, it is an exponentially diminishing rate of quality improvement subject to an exponentially increasing budget. No company will do so. As to the 90 to 95%, you know as well as I do that test end points are arbitrary. There is no single statistical process that will enable you to apply any rational (i.e. statistical based) end point (technically speaking it is impossible to know a-priori the statistical distributions (as in many) that govern given error types). So, no, you can't state that either.

Besides, I don't need to do so. All I need to do is to punch sufficient holes to demonstrate that it is certainly quite possible that the software has made an error. That's all it takes. And that is quite easy to do since I don't have to find a specific error that would do so. All I need to do is to demonstrate that there are sufficient unknowns.

said by static416:

In any case, attacking potential weaknesses in their software development process seems like a poor tactic. They can improve that fairly easily to the point that it's no longer a weakness.

No, they can't. As I stated above, it becomes prohibitively expensive. Besides, the point is to get you out of hot water now. The future is a different issue.

said by static416:

The only real way to win in this situation is to demonstrate that an IP is not a person. That should be relatively easy to do, and is a strong defence that can't be defeated once established.

Well, sorry to deflate your "strong defense" but it has already been defeated. Judges have rejected the notion of WiFi hacking, for example and have determined that the person who signed on with the ISP is responsible. So no. Such defense did not work in the past and, barring specific and special circumstances, won't work any time soon in the future.


El Quintron
Resident Mouth Breather
Premium
join:2008-04-28
Etobicoke, ON
kudos:4
Reviews:
·TekSavvy Cable
·TekSavvy DSL
said by globus999:

Well, sorry to deflate your "strong defense" but it has already been defeated. Judges have rejected the notion of WiFi hacking, for example and have determined that the person who signed on with the ISP is responsible. So no. Such defense did not work in the past and, barring specific and special circumstances, won't work any time soon in the future.

"An IP is not a person" isn't "my WIFI was open". You may not agree with the defense, but it doesn't make it any less valid than your defense that their machines made a mistake.

--
I'm watching District 9 again, and I've come to realize something: Wikus's got it all wrong. If I were morphing into a 9 foot tall hyper-dextrous alien that can shoot lightning bolts and get high off cat food why would I ever want to become human again?

InvalidError

join:2008-02-03
kudos:5
reply to globus999
There isn't much of an IT system required to scoop up IPs that are active on a given torrent...
1) install any generic or proprietary torrent software
2) open the torrent file to be investigated
3) open the peer list page in whatever torrent program being used
4) take timestamped screenshots

With this alone, you already have proof beyond reasonable doubt that the IPs in the screen caps were involved in that torrent.


Gone
Premium
join:2011-01-24
Fort Erie, ON
kudos:4
reply to globus999
said by globus999:

Well, sorry to deflate your "strong defense" but it has already been defeated. Judges have rejected the notion of WiFi hacking, for example and have determined that the person who signed on with the ISP is responsible. So no. Such defense did not work in the past and, barring specific and special circumstances, won't work any time soon in the future.

Do you have some relevant Canadian case law to back that up? There are significantly different legal interpretations regarding an owners responsibility between Canada and the USA.

And remember - American case law doesn't count.

jfmezei
Premium
join:2007-01-03
Pointe-Claire, QC
kudos:23
Guy, I suspect this IPP guy just used an off the shelf open sourced program, downloaded the torrent file, cnnected to the torrent and looked for Ips that belongs to the 3 ISPs his client wanted to target and he wrote them down in some small database application.

He dresses his affidavit to make it look like he has sophisticated software.


steviewhy

join:2007-12-10
reply to InvalidError
said by InvalidError:

There isn't much of an IT system required to scoop up IPs that are active on a given torrent...
1) install any generic or proprietary torrent software
2) open the torrent file to be investigated
3) open the peer list page in whatever torrent program being used
4) take timestamped screenshots

With this alone, you already have proof beyond reasonable doubt that the IPs in the screen caps were involved in that torrent.

While involvement is pretty much conclusive. The upload portion could always be disputed. Any person can claim that they were running the Bitthief client and that any uploaded content was useless garbage packets and not the infringing content itself.

jp_zer0

join:2009-07-27
Gatineau, QC
reply to globus999
The only thing you need to do if you're tied up in a hurtlocker-style lawsuit is to do nothing. None of these go to trial. It's purely an extortion scheme that relies on gullible people paying the settlement.

I don't think there's a law firm or rights owner out there that has made a profitable venture out of actually pursuing bit-torrent sharers. If there was, we'd all be in jail and bit-torrent would be dead as a rights infringing protocol.

I'm not even sure that Canadian courts consider bit-torrent "uploading" as a form of distribution. AFAIK you have to be included in the actual scene groups or be a site operator to be considered a distributor. (Which is the only thing illegal as it stands now)

But static416 is right. Finding the infringing individual behind an IP address is the hurdle for law firms and rights holders. Globus is wrong when he says that the ISP account holder is responsible, this is simply not the case in Canada. But recently in New-Zealand I believe they made account holders liable for infringing traffic and its been a complete mess. Business owners, universities, etc with public wi-fi have to invest in network filtering/snooping technology or be open to highly punitive lawsuits for infringing that they did not commit. I don't need to tell you that this is being stuck between a rock and a hard place. Most places decide to stop offering wi-fi.

But if Canada didn't do that already they need to put a limit to how many "john doe"s or IP-addresses they can link to a single case. If Canadian courts tell the rights holders that they can only file 20 ip addresses before paying a new $350 filing fee and $150 subpoena fee, then the extortion spam would come to a screeching halt because they can't milk $500 + lawyer time out of 20 addresses. Usually the account holder is not the infringer so he won't pay the settlement because he's not guilty and even in the cases where the account holder would be guilty not many will pay the settlement. A court in the US did that recently and I think it's genius.

globus999

join:2008-05-15
reply to El Quintron
said by El Quintron:

said by globus999:

Well, sorry to deflate your "strong defense" but it has already been defeated. Judges have rejected the notion of WiFi hacking, for example and have determined that the person who signed on with the ISP is responsible. So no. Such defense did not work in the past and, barring specific and special circumstances, won't work any time soon in the future.

"An IP is not a person" isn't "my WIFI was open". You may not agree with the defense, but it doesn't make it any less valid than your defense that their machines made a mistake.

Two things:

1 - The "penetrated WiFi" defense has already been judicially discarded. So, no.

2 - Missing the point, I don't have to prove the software made a mistake. All I need to do is to show that the quality is not there. Two different things altogether.

globus999

join:2008-05-15
reply to InvalidError
said by InvalidError:

There isn't much of an IT system required to scoop up IPs that are active on a given torrent...
1) install any generic or proprietary torrent software
2) open the torrent file to be investigated
3) open the peer list page in whatever torrent program being used
4) take timestamped screenshots

With this alone, you already have proof beyond reasonable doubt that the IPs in the screen caps were involved in that torrent.

Most definitively not. You completely mistaken. You are thinking "user" quality. I am thinking "judicial" quality. There are two completely different things. If you show up in a courtroom with this information I am laughing all the way to the bank. I can shred it to pieces since you have ZERO, let me repeat this ZERO verifiable, documented, evidence that the software / process / your training can pinpoint my IP accurately and reproducibly. Game over!


Gone
Premium
join:2011-01-24
Fort Erie, ON
kudos:4
reply to globus999
said by globus999:

1 - The "penetrated WiFi" defense has already been judicially discarded. So, no.

When and where? Cite your facts.

jp_zer0

join:2009-07-27
Gatineau, QC
reply to globus999
I don't even understand the potential for error in a swarm logging program. It doesn't calculate anything, it just writes down who's connected to the swarm and sharing the data.

InvalidError

join:2008-02-03
kudos:5
reply to globus999
said by globus999:

If you show up in a courtroom with this information I am laughing all the way to the bank. I can shred it to pieces since you have ZERO, let me repeat this ZERO verifiable, documented, evidence that the software / process / your training can pinpoint my IP accurately and reproducibly. Game over!

IPs are directly observable information just like license plates on cars, there is no need for any fancy tools to "pinpoint" it, they are right there in plain-text and the bittorrent handshake tells the peer exactly what torrent the incoming peer connection is interested in the first 30 or so bytes of application-layer traffic.

The main difficulty is the short-lived nature of the 'live' evidence since it leaves no visible traces for re-examination once activity stops, which is often less than an hour after it started with torrents... short of seizing the subscriber equipment and tracker servers for forensic inspection before all traces are overwritten.

Jurjen

join:2010-08-18
Montreal, QC
reply to globus999
Alternatively, copyright laws allow the use of excerpts of the complete work, without having to notify the owner of the copyrighted work.

I'm not uploading an entire movie or song to other people, but just some small packets (in case of a big movie they often go per 4MB). So as long as I don't send all the excerpts to one person, making it the whole movie (which is rare, since they are always several leachers and seeders), I'm not doing anything wrong?

jfmezei
Premium
join:2007-01-03
Pointe-Claire, QC
kudos:23
reply to globus999
said by globus999:

Most definitively not. You completely mistaken. You are thinking "user" quality. I am thinking "judicial" quality.

Judicial quality requires proof that the accuser did not tamper with the so called evidence or didn't generate the evidence from IPs supplied by Bell.

Whether the accuser has fancy software or just uses a normal bittorrent client to take snapshots doesn't change the fact that when this is done in his basement without a witness and without the vidence beng taken out of his control as soon as it is obtained, there remains the doubt that the accuser has generated or modified the evidence.


ekster
Hi there
Premium
join:2010-07-16
Lachine, QC
kudos:3
Reviews:
·FreePhoneLine
I wonder... if I just go and type

50.12.26.117
112.10.113.101
69.20.123.64

in a text file called "-=ekster's awesome copyrighted book=- illegal torrent for terrorists"

can I go to court and sue those 3 guys/girls/cats/servers/ATMs/whatever else it could be??

After all, I got eye-peas!


AkFubar
Admittedly, A Teksavvy Fan

join:2005-02-28
Toronto CAN.
Reviews:
·TekSavvy DSL
reply to globus999
For all you know this detailed information could have been stipulated already. This is not the first time around the block for this complainant regarding this lawsuit. There have been hundreds maybe thousands of successful lawsuits in the USA already.
--
If my online experience is enhanced, why are my speeds throttled?? AVPeeeeeee'd Off!


protocolss

@telus.net
said by AkFubar:

There have been hundreds maybe thousands of successful lawsuits in the USA already.

A better term is a "successful extortion" not "successful lawsuit".

For technically, a user must be brought in front of the Judge in order for a "court filed lawsuit" to be successful. Settling out of Court is just a quick way to have the "potencial lawsuit notification" to disappear.
In the cases of these copyright enforcement goons, they sent notices of "intention to sue" in yadayada court(or maybe they did file to the court, for a time for the case to be heard), which caused users to crap their pants and pay out a "lawyer predetermined" "settlement fee"(aka: extortion). Which is how these cases work. Parts of Europe have even banned lawyers from practicing for a short time, for taking on all these cases, based on getting a "cut of the money paid by users" to the defendant.


Spike
Premium
join:2008-05-16
Toronto, ON

1 edit
reply to globus999
Just use WEP, like most Bell sheep (the default for most Bell modems), and claim your WiFi was hacked. Hire a lawyer. They wont have a chance if you can prove it wasn't you. Remember, loser pays in Canada.

Second, use a second computer such as a laptop and make it conveniently disappear the moment you get a letter.

Or you can buy a seedbox from France or whatever and not have to worry, as they won't be looking for Canadian users of a French IP address. Theres always Usenet and file locker sites to leech from too....


Spike
Premium
join:2008-05-16
Toronto, ON
reply to AkFubar
said by AkFubar:

There have been hundreds maybe thousands of successful lawsuits in the USA already.

You gotta be joking right? There are maybe 2 lawsuits from the RIAA thats ever gone to trial many years ago, and STILL ongoing to this very day. Jammie Thomas-Rasset and Joel Tenenbaum.

Jurjen

join:2010-08-18
Montreal, QC
reply to Spike
France isn't good anymore since their new "3-strikes system". You should try Russia or Sweden. Note that if they (the companies trying to get compensation for their copyright) can get any information if they're persistent enough. Remote PC providers need to keep logs in most countries, so even if you delete your data there, they still have information that it was YOUR IP that accessed the remote PC for "illegal" use. And they'll need to share that information, if the proper authorities come knocking at their door.