Public Service Message: Opening Up Your WiFi Does Not Guarantee You A Free Pass Against RIAA

from the in-case-you-were-wondering dept

Mon, Nov 6th 2006 6:52pm — Mike Masnick

Well, perhaps we need to take some responsibility here. A few years ago, we pointed to an article in Salon from someone saying he was going to open up his WiFi in order to deny any responsibility for anything that was done on the network. We pointed out that this made sense, logically thinking, since the owner of the network could have some plausible deniability over what was done on the network, and just associating an IP address with the account would no longer be enough proof to show that the account's owner was responsible. Of course, we pointed out that this was a legal strategy that was unlikely to work, and you'd probably still find yourself in court, which isn't very much fun. Partly because of this, earlier this year, we posted a somewhat tongue-in-cheek post about how the RIAA dropped a case after someone used this defense. Of course, the specifics included the fact that there were many different people using the network on a regular basis, so it actually was plausible, if not probable, that someone else had downloaded music. Mostly, we were just surprised that such a defense actually worked. However, it appears that perhaps our tongue wasn't far enough in our cheek and people thought that it really was a perfectly reasonable defense to say you had an open WiFi access point. That's resulted in a legal website begging people not to rely on this defense, as it's unlikely to get you very far (though, you will still end up in court). That isn't to say it's not useful to be able to point out that an IP address does not identify a person, but you'd better have plenty of other evidence to support why it probably wasn't you on the network doing whatever you're being accused of doing.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

23 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

copperheadclgp, 6 Nov 2006 @ 5:42pm

Dumb Idea
I don't know why anyone would resort to this level of stupidity. You are running a far greater risk by opening up your network than securing it and using something like Truecrypt to create an encrypted partition on your hard drive for your music and porn.

I doubt very much that a case could be made against you when there is little or no evidence other than a large secure partition. And it is doubtful that you could be compelled by court order to hand over the password.
[ link to this | view in chronology ]
- Aaron, 6 Nov 2006 @ 6:27pm
  
  Re: Dumb Idea
  "And it is doubtful that you could be compelled by court order to hand over the password."
  
  I'm not a lawyer, but I wouldn't count on that - I believe in a civil case that would probably result in a summary judgment against you - it's no different than refusing to hand over the hard drive when ordered by the court.
  [ link to this | view in chronology ]
  - AnonMe, 6 Nov 2006 @ 8:13pm
    
    Re: Re: Dumb Idea
    Truecrypt actually deals with this sort of thing as well by having a "hidden/encrypted" volume inside another and allows for plausible deniability. You just put some semi-private stuff in the "outside" volume that you don't mind having to show, and then if forced to just give the password for that outside volume while the hidden volume within that one remains encrypted. Any and all free space is filled with random data anyway so they can't tell if there's anything else in there besides what the few files you volunteered to show.
    [ link to this | view in chronology ]
ShimmyShimmy, 6 Nov 2006 @ 6:01pm

Actually....
It's probably a solid idea in my case. I live at the end of a cul-de-sac. In an isolated neighborhood. There's no through traffic on our court, and both neighbors in our range are like 60+ and I don't even think have a computer.
For our case, the (minor) plausible deniability would certainly be worth whatever risk I have of someone sitting in on my internet connection. I mean, it's not like I have my paypal records in my shared folders or anything.
[ link to this | view in chronology ]
CircuitousChef, 6 Nov 2006 @ 6:16pm

what if your hard drive were to accidentally fall into the oven at 450 degrees overnight before you had to present it in court?
[ link to this | view in chronology ]
- peteweez, 15 Dec 2006 @ 11:20pm
  
  Re: Putting a hard drive in an oven
  Ummm actually putting your hard drive in your oven at 450 degrees won't do you that much good. It may well damage the electronics that your hard drive uses to access the data on the magnetic platters, rendering the hard drive essentially useless to you. However, it's highly unlikely to damage the magnetic platters, as 450 is too cool to melt the platters AFAIK, and it's below the Curie point (temperature at which a material loses its magnetic properties) of hard drives AFAIK. So forensics people could still probably recover the data from your hard drive. It's a good idea, actually...it's quite interesting, but it won't work. Thermite (don't try this at home kids!), a mixture of rust powder and aluminum powder, is a flammable substance that produces temperatures of something like 1500 degrees Celsius IIRC, which will melt Iron and many other things. Thermite will completely destroy your hard drive. It will also completely destroy your house, your car, your flesh, and anything else that gets in its way (except for material like clay). Not to mention, it's illegal AFAIK in the U.S.A. But it still makes a cool-looking fireball!
  [ link to this | view in chronology ]
eprimetime, 6 Nov 2006 @ 6:43pm

May not apply
Keep in mind that the website linked to at the end is a UK website, and those laws may/may not apply to those of us in the US.
[ link to this | view in chronology ]
Mike Linksvayer (profile), 6 Nov 2006 @ 6:50pm

close your wifi
If opening your wifi is no protection it follows directly that opening your wifi puts you at serious risk, no?
[ link to this | view in chronology ]
|3331373|3|_||3, 6 Nov 2006 @ 7:18pm

Better Encryption
I have begun working on a system of encryption with several passwords on encrypted RARs, and a large amount of crap data which just looks like a RAR. This way, when they demand the password, you hand over the ones you wnat them to have, and for the section withthe MP3s etc you jus say that that is crap filler, and laugh. a brute force cracker would have problems since the vast majority of the data is junk no mater which of the passwords you are using at any partcular moment. It could be broken by brute forcing it, string ing ogether all that data, but I will hav to leave that for v2.0. As it is, i doublt that a court would acccept as evidence in a civil case "we took this guy's HDD and cracked a file on it", since in the US and those countries with stupid enough govevernement to agree this would break the DMCA if anything within the spacce was your own work!
[ link to this | view in chronology ]
joker, 6 Nov 2006 @ 7:45pm

hahaha
to "better encyrption" when the court doesnt find the password they seek they will just send the RIAA hitmen to your house which will most likely pluck your eyeballs out with a hot-fork and then feed your tasty cooked brain (hannibal style). C'mon folks everyone knows to download thier warez at grandmas house! Thats why I'm getting her fiber and a bluerar burner this chirstams!
[ link to this | view in chronology ]
craig, 6 Nov 2006 @ 8:07pm

Is that nice? WE need the evidence, THEY don't.
Make an accusation without presenting evidence, and the defendant has to produce evidence of innocence!

The american way.
[ link to this | view in chronology ]
Anonymous Coward, 6 Nov 2006 @ 8:22pm

Whether it was you or not, you are still responsible for the content that flows in and out of your network. (I guess the best example is the Napster case.) Ignorance is no defense and you will get eaten alive.
[ link to this | view in chronology ]
Patrick, 6 Nov 2006 @ 8:43pm

Wait a minute...
Whatever happened to the fact that the courts had to prove you were GUILTY? Since when did you have to start proving the fact that you are INNOCENT? It's not your responsability to prove that you aren't. Another thing...I seriously dont understand how IPs can make you guity. For instance...if you're driving in a car running a red light and they take a picture of you...they have to prove that it's you. If I give my keys to a buddy and drive my car...regardless that it's my car...it's not my responsibility to pay the fine. It's HIS. So I don't understand how the RIAA can get away with only tagging IP's with associated illegal downloads and win. There's still no way to prove that I was the culprit despite that the line ends at the end of my house.

On the other hand if they are winning and claiming neglegence on me despite rather or not I downloaded illegal material...shouldn't that be covered by homeowners. I mean doesnt homeowners cover neglegence on my property?

I may be wrong...dont hold me to anything...I'm just putting some interesting thoughts here.
[ link to this | view in chronology ]
- Mike (profile), 6 Nov 2006 @ 8:54pm
  
  Re: Wait a minute...
  Whatever happened to the fact that the courts had to prove you were GUILTY?
  
  They do, but if they can provide enough evidence to suggest that open WiFi or not, you were the most likely person using the network, you could be in trouble.
  [ link to this | view in chronology ]
- Chris, 6 Nov 2006 @ 9:22pm
  
  Re: Wait a minute...
  Some jurisdictions have laws where owner onus applies. If you own the car that runs the red light, you are the guilty party unless you nominate someone else to take the rap. Some thing applies to IP address. You are the account holder, you did the deed unless you rat on someone else.
  [ link to this | view in chronology ]
- Aaron, 6 Nov 2006 @ 9:43pm
  
  Re: Wait a minute...
  "Whatever happened to the fact that the courts had to prove you were GUILTY?"
  
  The marvelous invention and evolution of civil court system decided to throw that out... ;) As a side note, AFAIK it is a relatively new concept to be considered innocent until proven guilty - for most of history, it was the other way around...
  
  "if you're driving in a car running a red light and they take a picture of you...they have to prove that it's you."
  
  Technology is a wonderful thing, isn't it? That used to be true and most of this really hasn't been tested well in the courts, but yes, you can receive a citation based on "evidence" taken by electronic means. If you take the time to go to court and dispute the issue, you might win - depends on the local politics...
  [ link to this | view in chronology ]
Not as stupid as I look, 6 Nov 2006 @ 9:28pm

Presumption of innocence?
Ummm... as far as I know, the RIAA lawsuits are just that, lawsuits, not prosecutions. Even though piracy of music, pictures, videos, and other copyrighted materials is a federal crime, the FBI doesn't seem too eager to prosecute little Mary Jane Rottencrotch for downloading the latest Hillary Duff single. These are civil lawsuits. The burden of proof is much less (I know this both because my brother is a lawyer and I just sat through the jury selection process in a major Vioxx-related case). The Plaintiff only has to show that it is more likely than not that the defendant committed the act they are accused of. Presumption of innocence and reasonable doubt have no bearing in civil matters. If the plaintiff provides evidence that it is 51% likely that someone did something, then the jury must find in their favor. Think of the OJ Simpson murder trial. The prosecution could not prove (thanks to some trickery by the defense) beyond a reasonable doubt that OJ did the crime, but in the civil wrongful death case it was easy to prove it was more likely than not that he did it... I hope that clarifies things a little.
[ link to this | view in chronology ]
Music Pirate, 7 Nov 2006 @ 1:39am

The Internet: All the Piracy, None of the Scurvy!
[ link to this | view in chronology ]
DJ Twiztid, 7 Nov 2006 @ 7:20am

I still say that the RIAA and the MPAA are the work of evil knomes that steal your left sock, get your dog knocked up, and pisses in your weaties too. Dirty bastards have no life other then to mess with others because they can't get that extra commision to buy that high priced hooker on the corner of broadway n 1st.
[ link to this | view in chronology ]
Wyndle, 7 Nov 2006 @ 7:43am

Opening your network will not absolve you of responsibility. What it will do is post an invitation to all of your local hackers and script kiddies to come mooch your bandwidth to download all the latest "not so legal to use" files and possibly host a DoS or DDoS attack. When your ISP finds that your IP is directly connected to that who do you think "they" are going to sick their lawyers on?

Is that a fair trade-off for a half-@$$ attempt to throw some doubt into a potential lawsuit?
[ link to this | view in chronology ]
Anonymous Coward, 7 Nov 2006 @ 8:06am

Here (Netherlands) quite a few ISP's leave the wifi unprotected by default! The client has to set up the security. (some consumer program told me)
How's this in the US? If the same applies, isn't the ISP responsible?
I'm supposed to be better at securing my wifi network than most ISP's?
Still I agree that it's MUCH wiser to just have it all secured, you don't want to be a test case for such legal crap.
[ link to this | view in chronology ]
Dallas, 7 Nov 2006 @ 8:12am

With the growing involvement of technology in our everyday lives, do we really have a reason for concern?
Of course is my answer. But to others, the line between ignorance and deniability run thin. If you leave your router wide open(whether not having the knowledge to, or not wanting to) and some one uses your connection for questionable activities, it's still your fault. Like stated before, ignorance is not a defense. I believe that before being able to set up a wireless ap, every person should be instructed on the proper way to secure your router (WEP, ect.) and little stuff like changing the admin pass on the device itself. If the user Still wants to leave their device open, then they must acknowledge the facts, and except that if anything happens, then it's still your fault. Now there are always two sides to every coin. Hot spots like starbucks and other WiFi cafes rely on the openness of these devices for their business. Well.. here's where the thin line comes iin to place. An ignorant tech geek (that might be a oxymoron) who is in charge of the network at starbucks, Should be in the "know" enough to know what precautions should be taken when setting up a wireless ap, like NAT, RIP, port closer, ect. But then you have grandma and grandpa who get talked into buying wireless from road runner, you have the ignorance circle start all over again.
I guess what I'm trying to say is ignorance doesn't supersede responsibility. If your going to set up a wireless ap, you should be informed of the possible consequences.
[ link to this | view in chronology ]
Anonymous Coward, 14 Nov 2006 @ 7:09am

So if I use my city's municipal WiFi to download things, then the city should be sued since they own the connection, right?
[ link to this | view in chronology ]