Wednesday, September 12, 2007

Tallie Stubbs Fights Back in Support of Motion for Attorneys Fees; Submits Declaration of Computer Security Expert

In Warner v. Stubbs, in Oklahoma, the defendant has submitted reply papers -- including the detailed declaration of her expert witness, computer security expert Jayson Street -- in support of her motion for attorneys fees.

Mr. Street testified that there was no evidence of any file sharing having taken place on Ms. Stubbs's computer, and that she had an unsecured wireless connection that could have been accessed easily by a malicious user.

Reply Brief in Support of Attorneys Fees Motion*
Declaration of Expert Witness Jayson Street*

* Document published online at Internet Law & Regulation

3 comments:

mhoyes62 said...

This is an excellent report by the expert. I know from experience that most people have wireless networks that are totally open. The thing I found very interesting is that KaZaa allows for multiple users with the same user name. This would seem to be a further nail in the RIAA litigation coffin. I would hope that the defending attorneys in other cases can bring this point up as well. If it can be shown that the user id, along with the IP address, are not ways of uniquely identifying an individual, then the RIAA really seems to have no leg to stand on.

Michael

AMD FanBoi said...

mhoyes: Because there is no central authority in a pure P2P system, there is no method to enforce KaZaA identifier uniqueness. A large number of people, for example, could decide to make their KaZaA identifier 'riaasux' in protest, if they so desired. The way some P2P systems step around this problem of duplicate user identifiers is by appending a random number after each name that's beyond a user's control. Therefore you might see riaasux123, riaasux654, and riaasux666 all on the network at the same time. And if you reset your name back to 'riaasux' again, you'll likely get a new suffix number. This is why you see many P2P names followed by several digits. This unique KaZaA identifier isn't actually a user name per se, but rather just a program identifier that can be changed at will, and identifies this instance of the program solely within the P2P system for chats, messages, and the like.

Calling a KaZaA identifier a User ID is flat outright wrong.

The only way to fingerprint a computer that was once, say, riaasux123, but now appears to be riaasux987, would be to look at the entire contents of their share directory, and the versions of the files in there based on size and hash codes. Then you could state that there was a reasonable probability that user identifier 123 might now be 987. It wouldn't be conclusive, but you could assign likelihood to it. Of course, a user who regularly changes their KaZaA identifier, and the contents of their share directory, would be much more difficult to identify as the same computer the second time around. And the RIAA has made a big deal about catching the same "user" more than once, even when they've been wrong about it (see one of the other cases posted here today).

In fact, that case where the RIAA admitted they'd made a mistake in IDing the same user a second time, but never informed the Settlement Support Center, should be a Big Deal. Here is the first place where I've seen it PROVEN that the RIAA identification process is flawed, and can give wrong results. A good lawyer should latch onto how that happened like a bulldog!
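An added example, not part of the original post or of any commenter's text: the share-directory comparison described in the comment above, scored as set overlap on (size, hash) pairs. It goes one step beyond the comment by also weighting each file by how few peers hold it; the listings, hashes and the `stranger` peer are constructed sample data, and the weighting formula is an assumption chosen for illustration.

```python
import math

def fingerprint(listing):
    """Reduce a share listing to a set of (size, hash) pairs; file names are ignored."""
    return {(size, digest) for _name, size, digest in listing}

def jaccard(a, b):
    """Plain overlap: shared files / all files seen in either snapshot."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def rarity_weighted(a, b, population):
    """Overlap where each file counts log((N+1)/(holders+1)): files everyone has count 0."""
    n = len(population)
    def weight(item):
        holders = sum(1 for peer in population if item in peer)
        return math.log((n + 1) / (holders + 1))
    total = sum(weight(i) for i in a | b)
    return sum(weight(i) for i in a & b) / total if total else 0.0

# Constructed sample data: (name, size in bytes, placeholder hash).
POPULAR = [("hit1.mp3", 4000000, "aa01"), ("hit2.mp3", 5000000, "aa02"),
           ("hit3.mp3", 3500000, "aa03")]
RARE = [("demo_a.mp3", 1234567, "bb01"), ("demo_b.mp3", 2345678, "bb02")]

riaasux123 = fingerprint(POPULAR + RARE)
riaasux987 = fingerprint(POPULAR[:2] + RARE + [("new.mp3", 111111, "cc01")])
stranger = fingerprint(POPULAR + [("x.mp3", 999999, "dd01")])
PEERS = [riaasux123, riaasux987, stranger,
         fingerprint(POPULAR), fingerprint(POPULAR[:2])]

def compare(a, b):
    """Return (plain overlap, rarity-weighted overlap), rounded for reading."""
    return round(jaccard(a, b), 2), round(rarity_weighted(a, b, PEERS), 2)

if __name__ == "__main__":
    print("123 vs 987     :", compare(riaasux123, riaasux987))
    print("123 vs stranger:", compare(riaasux123, stranger))
```

On this sample the plain overlap barely separates the renamed peer from an unrelated one who holds the same popular files, and even the weighted score stays well short of 1, which is the "likelihood, not conclusive" point in numeric form.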

mhoyes62 said...

Amd: I agree that the attorneys should latch onto that.

I personally don't use any of the P2P systems, so was not aware of how they were set up. From looking at your explanation and also the expert witness's, this appears to also cause a problem that if you get an id that was used by someone else, they may have the "shared" files cached, and so you could wind up looking like you are sharing a lot more than is actually being shared. I would think that this would play total havoc with the Plaintiff's assertions as this shows that they don't have any proof of what machine they think they are seeing, no proof of what the IP address is of that machine as it can be cached also. No way of actually identifying the machine they think they are seeing. And only an IP address to go to an ISP and try to bully a name from.

Now the question is how can this be brought before all the courts to let them know how flimsy the case really is that is being presented by the RIAA. So far, it seems that every time it gets close to proving anything like this, that the RIAA voluntarily dismisses the claims so it doesn't have to have a court decision.