News.com Prevents Falsely Accused Grandmother Of Getting Kicked Off The Internet By The MPAA

from the but-who-will-protect-anyone-else? dept

One of the problems we've had with the whole "three strikes" concept that would kick people off the internet due to accusations, not convictions, of file sharing, is the fact that we hear all the time about innocent users accused of file sharing. Greg Sandoval, over at News.com recently came across a grandmother who was falsely accused multiple times of file sharing, and her ISP, Qwest, was threatening to kick her off the internet. We had not heard that Qwest had signed on with a "three strikes" program, so it's a bit of news that it's one of the companies who will accept bogus accusations. Not only that, but Qwest even told her that no other provider would grant her service because Qwest would let those other service providers "know her name and what she did." Thanks, Qwest!

The problem, of course, was that Cathi Paradiso didn't share any of the movies or TV shows she was accused of sharing, and she works from home as a recruiter -- so losing her internet access would be devastating. But the only way she got Qwest to back down was because Sandoval and News.com became interested in the story and convinced Qwest to look deeper. But if Paradiso hadn't been able to draw attention to herself from the press, she would have had no recourse. There was no one she could appeal to, and no official process to respond to the bogus claims of Hollywood. She got lucky that News.com was willing to pick up her story and contact Qwest, but what about anyone else threatened with bogus notices? Meanwhile, BayTSP, the company whose "evidence" has been shown to be flimsy and easily falsified in the past, stands by accusing her of file sharing, saying it was her own fault for having an open WiFi network, suggesting there's something inherently wrong with sharing your WiFi. Yes, the company stands by its false accusation. Nice company.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: due process, false accusation, file sharing, three strikes
Companies: baytsp, qwest


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Travis Miller (profile), 1 Feb 2010 @ 11:27am

    Insight does this too

    Insight Communications has a similar "five strikes" plan. Each of the first three results in service being cut off until you call them so they can explain stuff to you, then they turn it back on. The fourth gets your service suspended for a month. The fifth "may result" (their words) in you being banned from their service. With that intentionally weak wording, I'm not sure how often that gets handed out.

    I only got one strike from them. If I had to guess (from talking with them), the extra couple strikes they give you are for the benefit of the doubt with respect to open wifi and shared connections. They give you a chance to get informed about those things and how to deal with them, then after that you are on your own. Amusingly, the person I talked with told me several times about how they "have to do this" in order for them not to get in trouble. I might have given him a hard time about that if I didn't know that he was just some random guy reading a script off of his screen.

    link to this | view in chronology ]

  • identicon
    The Anti-Mike, 1 Feb 2010 @ 12:07pm

    This is terrible! How will I survive unless people are guilty until proven innocent?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Feb 2010 @ 12:21pm

    So? This is a war and in a war some innocent people will have their lives ruined. Big deal. Isn't it better for a few people to be ruined so sales of shiny plastic discs can return to their past glory?

    link to this | view in chronology ]

  • icon
    The Anti-Mike (profile), 1 Feb 2010 @ 12:26pm

    saying it was her own fault for having an open WiFi network, suggesting there's something inherently wrong with sharing your WiFi.

    There is nothing wrong with sharing you WiFi, but it's like letting someone else drive your car. Don't be shocked if you get a bunch of parking tickets or you car gets seized at the border full of pot or illegal aliens.

    At the end of the day, if her internet connection is that important to her, she should protect it.

    She was falsely accused multiple times, you would think that maybe she would take a minute to secure her connection.

    It's a nice attempt to paint the story as bad (the grandmother angle is so cute!), but the reality is this: She allowed anyone and everyone to use her access, and she is responsible for it.

    link to this | view in chronology ]

    • icon
      btr1701 (profile), 1 Feb 2010 @ 12:41pm

      Re: Responsibility

      > She allowed anyone and everyone to use her
      > access, and she is responsible for it.

      Not under the law, she isn't.

      Qwest may decide to impose that responsibility on their customers-- that's their right-- but that's a decision they may live to regret as those customers vote with their feet and walk away.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Feb 2010 @ 12:41pm

      Re:

      The future will not be kind to the control freaks.

      link to this | view in chronology ]

    • icon
      Dark Helmet (profile), 1 Feb 2010 @ 12:49pm

      Re:

      "At the end of the day, if her internet connection is that important to her, she should protect it."

      It's amazing how reasonable you can make slapping a victim sound....

      "She was falsely accused multiple times, you would think that maybe she would take a minute to secure her connection."

      Sigh, perhaps, but it would also stand to reason that after accusing grandma multiple times, the ISP and the firm gathering the data might drop the big bad wolf act and reconsider their method for accusing people....

      "She allowed anyone and everyone to use her access, and she is responsible for it."

      This is getting dumb. Just because she makes the free choice not to lock up her connection shouldn't render her responsible for what others do. Oh, and going back to earlier in your comment:

      "it's like letting someone else drive your car. Don't be shocked if you get a bunch of parking tickets or you car gets seized at the border full of pot or illegal aliens."

      That isn't even close to the proper analogy. It's like not LOCKING your car and it gets stolen by someone who uses it to do all the things you said. Grandma is lending out her WiFi...she's just not locking it up. There is and should be no legal requirement to lock up what is yours, and not doing so, as in the case of the car, should not render you responsible for the actions of others.

      link to this | view in chronology ]

      • identicon
        Tyanna, 2 Feb 2010 @ 7:47am

        Re: Re:

        "Sigh, perhaps, but it would also stand to reason that after accusing grandma multiple times, the ISP and the firm gathering the data might drop the big bad wolf act and reconsider their method for accusing people...."

        Going further, maybe Grandma didn't actually know HOW to lock up her wifi. Maybe if someone from Qwest woke up they could have asked her if she needed help.

        Assuming that everyone who has internet access is tech savvy really only makes an ass out of everyone.

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Feb 2010 @ 1:17pm

      Re:

      "here is nothing wrong with sharing you WiFi, but it's like letting someone else drive your car. Don't be shocked if you get a bunch of parking tickets or you car gets seized at the border full of pot or illegal aliens."
      --- Wrong.. you are implying that she gave permission for someone to use her WiFi. Leaving you car unlocked may be careless, but does not imply permission. Which, is a more accurate analogy of what she did in this case.

      "At the end of the day, if her internet connection is that important to her, she should protect it."
      --- So, she had it coming by not being savvy enough. Nice logic.

      "She was falsely accused multiple times, you would think that maybe she would take a minute to secure her connection."
      --- Actually that is a fact under dispute, so don't make the assumption that best suits your flawed argument.

      "It's a nice attempt to paint the story as bad (the grandmother angle is so cute!), but the reality is this: She allowed anyone and everyone to use her access, and she is responsible for it."
      --- Well, if your house ever gets robbed because you forgot to lock one of your windows or a door, don't bother to call the police or your insurance company to report the loss. It is implied that by leaving it unsecured you gave them permission to take whatever they could. If it was really important to you, you should have locked it, right?

      link to this | view in chronology ]

    • icon
      Alan Gerow (profile), 1 Feb 2010 @ 1:18pm

      Re:

      "At the end of the day, if her internet connection is that important to her, she should protect it."

      And how do you know she didn't? All the article states is: "and he discovered that her network had been compromised". It never said she had an unencrypted open WiFi network. Only that it was compromised ... she could have had a password that was cracked, a machine within her network could have been hacked or hijacked. Perhaps her ISP gave her a modem with an integrated WiFi router that was enabled without her knowledge.

      Though, if you lend out your car, you are responsible for parking tickets, but you aren't responsible if the person robs a bank and uses your car as a getaway car. And if your car is seized for human trafficking, you'll get it back after it's done being used as evidence. You're responsible for civil fines in cases where your property is left in public, but not criminal involvement from other persons using your property.

      And regardless, there are easy-to-understand processes in place for dealing with false accusations of parking tickets. You can fight a false accusation in court, and three parking tickets will not terminate your ability to drive a car. This grandmother would not have had any means of recourse had it not been for public outcry.

      Government officials recognize that denying convicted felons and sex offenders access to the Internet is too draconian ... yet being accused a couple times of downloading a song or movie using severely faulty identification techniques justifies terminating the ability for someone to function in an increasingly web connected world. That makes so much sense.

      Every web site you visit knows your IP address. A little spoofing, a couple e-mails, and The Anti-Mike may not be able to post any more comments to TechDirt for a while.

      link to this | view in chronology ]

      • icon
        The Anti-Mike (profile), 1 Feb 2010 @ 3:19pm

        Re: Re:

        Yawn.

        You guys are amazing.

        If the women had an open (or compromised) wireless phone on her phone line and someone ran up thousands of dollars of long distances, you know who would be on the hook, right?

        The first time, the phone company might eat it.

        The second time, they might eat it to.

        The third time, they are going to be less than interested in eating it.

        After numerous times, you really think they are going to want to keep paying?

        Every web site you visit knows your IP address. A little spoofing, a couple e-mails, and The Anti-Mike may not be able to post any more comments to TechDirt for a while.

        I DARE YOU.

        link to this | view in chronology ]

        • icon
          Alan Gerow (profile), 1 Feb 2010 @ 3:24pm

          Re: Re: Re:

          "I DARE YOU."

          Sorry, I don't follow Playground Rules. Just because you dare me doesn't mean I care enough to follow through. :P

          AND SHE DIDN'T HAVE AN OPEN WIFI CONNECTION! Read the damned articles. She said she did her best to close it. Qwest sent her a modem with WiFi built-in. She did her best to secure it.

          So:

          1. Qwest provided the compromised hardware and didn't secure it by default.

          2. She did her best to do Qwest's job by securing their hardware.

          3. The hardware was compromised.

          She didn't even use the WiFi, so I doubt she would have turned it on. She networked her computer to the modem/router directly. It's Qwest's fault for giving out compromised equipment. So why should she suffer for it?

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 1 Feb 2010 @ 3:33pm

            Re: Re: Re: Re:

            Sorry, I don't follow Playground Rules.

            Uh oh, little TAM's gonna poo his pants now.

            link to this | view in chronology ]

          • icon
            The Anti-Mike (profile), 2 Feb 2010 @ 1:45am

            Re: Re: Re: Re:

            Any modem with wireless (especially if she isn't using it) can have the wireless turned off. The modem is likely from a company like 2wire or similar, and disabling the wireless is a single check box and the things turns off.

            Also, the companies don't send these wireless units out without putting WEP or similar on them.

            Again, if this happened once, it might be something. That it happened over and over again shows someone who wasn't taking care of the situation and wasn't asking for a resolution to an issue. I am sort of amazed that you think someone should not at all be responsible for anything, even as they watched it happen over and over again.

            Does Quest have some responsibility? Yes. But the end user has at least part of the responsibility as well.

            Oh yeah, I still dare you. You are a big talker, now show us how you do it.

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 2 Feb 2010 @ 6:52am

              Re: Re: Re: Re: Re:

              Also, the companies don't send these wireless units out without putting WEP or similar on them.

              If they're sending them out with WEP enabled then they are indeed sending them out unsecured.

              link to this | view in chronology ]

        • identicon
          Anonymous Coward, 1 Feb 2010 @ 4:21pm

          Re: Re: Re:

          There goes our TAMMY, flailing around with the fail.

          link to this | view in chronology ]

        • icon
          harbingerofdoom (profile), 1 Feb 2010 @ 5:10pm

          Re: Re: Re:

          hypocrisy...

          its not just for breakfast anymore....






          (although, you really should cut back.. you have been binging on it lately)

          link to this | view in chronology ]

        • icon
          PaulT (profile), 2 Feb 2010 @ 1:58am

          Re: Re: Re:

          "I DARE YOU."

          Part of me wishes that somebody would take you up on the offer. Sadly, we'd not get to witness your impotent rage as you're subjected to the punishments you advocate for others. After all, if your IP address was accused 3 times of the "crime" then you MUST be guilty of something, right?

          link to this | view in chronology ]

        • identicon
          Anonymous Coward, 2 Feb 2010 @ 7:54am

          Re: Re: Re:

          "I DARE YOU."

          Those are very dangerous words to use on the internet. Be careful little troll....there are much bigger trolls out there that would be more than happy to take you up on that.

          link to this | view in chronology ]

    • icon
      Emo the Libertarian (profile), 1 Feb 2010 @ 2:24pm

      Re:

      Thats kinda like the old rape defense there TAM... Well look at how she's dressed... she was asking for it... how dare she... its not my fault...

      People stopped using it because it stopped working, well your and the industries speil are not working so think you can stop too??


      Fail Again... You trying for a trolling record?

      link to this | view in chronology ]

    • icon
      Alan Gerow (profile), 1 Feb 2010 @ 3:06pm

      Re:

      Actually, at the end of the story is says:

      "She says she did her best to lock down her network, but she acknowledges that she's not an expert."

      So, she was falsely accused AND she had locked down her network. Outside of everyone who wants to get on the Internet having a Masters Degree in Network Security, what is the logical point that she has done enough to protect herself? A smart hacker will break any security, so you just need to live next to a bunch of dumbasses?

      link to this | view in chronology ]

    • icon
      Richard (profile), 1 Feb 2010 @ 4:20pm

      Re:

      but the reality is this: She allowed anyone and everyone to use her access, and she is responsible for it.
      Actually we don't know that. (There is no way of knowing it.) The company that accused her is claiming that that must have happened because it sort of gets them off the hook. However it is also more than possible that their system has a bug in it.

      link to this | view in chronology ]

    • icon
      Bob Bunderfeld (profile), 1 Feb 2010 @ 4:39pm

      WiFi Security

      You sir, are a fool.

      Your correlation between letting someone drive your car and her letting others use her WiFi is complete and utter rubbish. If you want a real correlation, it would be more like, her care getting STOLEN because she left the keys in it, and then it being used to commit one of the crimes you listed. While leaving your keys in the car is foolish, it is NOT against the law. A person cannot be held liable for another persons criminal acts unless a iron-clad connection can be made to show that the person not committing the crime knew the crime was being committed or should have known the crime was being committed.

      No where in any of these ACCUSATION cases are any of those being punished, are they being charged with a crime and being found guilty of said crime. Nowhere in our Legal System is there room for ACCUSATIONS and Punishment without proving those Accusations in a Court of Law.

      What will eventually happen is one of these cases will make it's way to the Supreme Court and all the Justices will find for the accuser. Our Nation is a Nation of Laws, not a Nation of Accusations. Companies that threaten people with Punishment or BlackBalls will be found to have acted without any DUE DILIGENCE or PROCESS, and they will feel the sting of the High Courts ruling in their Pocketbooks when the Court will let stand the HIGH Payout for acting OUTSIDE our Legal System in these matters.

      If the RIAA/MPAA want to make these Civil Cases into Criminal Cases then they will find that they will be paying a HIGH PRICE when it comes to falsely accusing and punishing people who DID NOT commit the crimes they are accused of.

      As for you, you should seriously do some study on what happens when ANYONE or ANY CORPORATION acts without DUE CAUSE or PROCESS.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 1 Feb 2010 @ 5:12pm

        Re: WiFi Security

        I await with bated breath for TAM's response. Chance of happening: 0%.

        link to this | view in chronology ]

      • identicon
        Anonymous Coward, 1 Feb 2010 @ 6:29pm

        Re: WiFi Security

        Actually, in some areas leaving your keys in your car will result in a fine. Stupid, yes, but they say it's to lower the crime rate by not enabling the criminals.

        link to this | view in chronology ]

        • icon
          PaulT (profile), 2 Feb 2010 @ 1:55am

          Re: Re: WiFi Security

          Actually, that makes sense to me, if only because a stolen car can be used to cause real damage, unlike a shared MP3.

          link to this | view in chronology ]

      • icon
        nasch (profile), 2 Feb 2010 @ 7:55am

        Re: WiFi Security

        You sir, are a fool.

        "Tool" starts with a "t". HTH. ;-)

        link to this | view in chronology ]

    • identicon
      :), 1 Feb 2010 @ 11:51pm

      Re:

      Please demonstrate how you would secure your land connection and your WiFi connection.

      Further some more little questions that all IT managers know the answers to:

      - What are the steps to change a MAC address.
      - What are the steps to hide your MAC address from the network.
      - What are the steps to change an SSID.
      - Which are the steps to add rules to a firewall.
      - What is a DMZ.
      - How do you set up a DMZ.
      - How do you control access to the OSI layer 7.
      - What are the steps required to test your security?
      - How do you setup probes to warn you about intrusion?
      - How to distinguish normal traffic from attacks.
      - How do you install IDS(Intrusion Detection System), NIDS(Network Detection System), HIDS(Host Intrusion Detection System) and which one?
      - What are the steps to signing cryptographic public keys?
      - Which encryption protocol do you choose?
      - How to setup a DNSSEC?
      - Which is more secure WEP or WAP?
      - What internal address the router uses? it is IPv4 or IPv6?
      - What are the steps required to limit the number of wrong password attempts on a router provided by the ISP?
      - How do you reset a router?
      - How do you reset the password for a router?
      - how do you counter MAC spoofing?
      - how do you check your firewall configurations?
      - how do you check your routers configurations?
      - how do you test all of that?

      This is not all you have to know to secure your network is just part of it, now how a layman is suppose to know all of that when even for hardened IT personnel is difficult?

      link to this | view in chronology ]

      • icon
        The Anti-Mike (profile), 2 Feb 2010 @ 1:56am

        Re: Re:

        The answers are frighteningly easy.

        "As an end user, you don't need to know".

        A standard user, with a wifi set with WEP (default active from the cable or DSL company), with a standard anti-virus, firewall turned on, updated regularly has nothing more they need to know, unless they want to run specialized software.

        The rest of your questions are things that end users don't generally need to know. WiFi routers/modem combinations (2wire is a commonly used company for this) are shipped to the user pre-secured already. The Wireless is secured with a significant security key, and the only way to access the modem otherwise is via hard wire. While the wireless key isn't impossible to hack, it's a pretty long key, and the time to test a key is long enough to make brute force hacking a pretty useless way to get in, and most of the tools to hack WEP require that there are active users on it (which there was not in this case). For example, the WEP key (default) on my 2wire is 26 characters. The total clicks required to turn off wireless is 3, and could easily be explained by technical support.

        link to this | view in chronology ]

        • icon
          PaulT (profile), 2 Feb 2010 @ 2:02am

          Re: Re: Re:

          "A standard user, with a wifi set with WEP (default active from the cable or DSL company),"

          Wow, you *are* dumb. WEP is ridiculously easy to crack. Maybe not for tech idiots like yourself, but anyone can do it in a few minutes with the correct tools.

          First result in a Google search (that returned 1,390,000 results despite me somehow mistyping WEP), read it and learn:

          http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrack

          link to this | view in chronology ]

        • identicon
          :), 2 Feb 2010 @ 2:43am

          Re: Re: Re:

          I'm WEPing because of you right now :(

          OMG!

          YouTube: Cracking WEP in under 4 minutes

          You are the old lady and don't even realize.

          link to this | view in chronology ]

        • identicon
          :), 2 Feb 2010 @ 3:44am

          Re: Re: Re:

          Have you met anyone in your life capable of solving some problem that they don't understand?

          If I get a car(PC) exactly like yours and put your plate numbers(MAC) on it and use it to commit crimes would you like to be punished for it? would it be fair?

          Cameras on the street showed that your car did it based on the plate numbers(logs of the MAC address).

          If someone hijacked your car(PC) and used to do some crimes would you be willing to accept full responsibility for somebody else actions? I doubt that.

          How layman's will know they have been hijacked, impersonated or there was some mistake elsewhere if they don't know how things work?

          You just proved to everyone here that you know just as much as the old lady and probably would have fallen victim too and could be easily in her situation, and is just luck that you are not.

          link to this | view in chronology ]

    • identicon
      twitter, 3 Feb 2010 @ 7:16am

      I'm not responsible for you.

      No, it's more like someone used your copy machine to share books with the poor or someone was singing in your front yard. You are not responsible for that but sharing is good. It is a shame that ISPs want to punish people for doing nice things for their neighbors. Why do you think that sharing is like murder, theft and drug trade?

      link to this | view in chronology ]

  • identicon
    Freedom, 1 Feb 2010 @ 12:30pm

    Responsibility

    Interesting story ...

    I wonder what the legal issues are for Qwest to disconnect her without being convicted. Probably little to none, but black-listing her in the industry would definitely qualify for some fun legal work.

    On the flip side, she is responsible for her home setup. If the terms and conditions of using Qwest Service states that such abuse is not acceptable, then she really needed to take the steps to ensure her home setup was secure (systems, network, etc.).

    It is going to be an interesting world soon. Soooo many IP devices going into each home and so many potential holes to be abused.

    I'm also surprised that Qwest which was the only TelCo to stand up to the Government for spying is now in the forefront of tossing folks off the Internet without proof - seems a bit ironic to me.

    In the end, sure seems like IPv6 could solve or help this issue - give every device a real IP and then Qwest could easy pinpoint the real cause/device.

    Freedom

    link to this | view in chronology ]

    • identicon
      TheStupidOne, 1 Feb 2010 @ 12:54pm

      Re: Responsibility

      "black-listing her in the industry would definitely qualify for some fun legal work."

      I was wondering about that myself. If she was blacklisted and she sues Quest for libel, or something similar, wouldn't this info all come out and Quest get a huge smackdown?

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Feb 2010 @ 12:49pm

    Sue BayTSP for depriving her of income?

    Seems like the way to go, hold BayTSP responsible for her loss of income.

    link to this | view in chronology ]

  • icon
    Killer_Tofu (profile), 1 Feb 2010 @ 12:52pm

    A Better Response from Qwest

    What Qwest should have done was after a couple times of it looking like she is file sharing but insisting she is not, is they should have offered free tech advice on how to lock down the router.
    We shouldn't have to worry about such things in an ideal world, but if Qwest is really going to get their panties in a bunch about something as trivial as downloading then they should offer to help her out.
    You guys can point your fingers at her and say its her responsibility and everything, but that doesn't mean she knows how.
    Or they could take both roads, be helpful and condescending:
    http://lmgtfy.com/?q=how+to+secure+a+router

    link to this | view in chronology ]

  • icon
    VicMatson (profile), 1 Feb 2010 @ 12:55pm

    Fear mongering about unsecured connections is in the ISP's interest. They sell more when everyone is scared. This is just like Comcast's 250 GB cap that I don't come closed to, but secure my connection just in case dozens of people steal.

    link to this | view in chronology ]

  • identicon
    Legal Eagle?, 1 Feb 2010 @ 1:01pm

    Libel? Slander?

    So, if the accusation was without merit and was passed by BayTSP, isn't that slander? How is that different than me spreading the rumor that YOU have sex with farm animals? It's either slander or libel.

    If Qwest then goes and blacklists her, then they are guilty of slander or libel as well with responsibility for any and all loss of income damages.

    If they fail to do the proper checks, it should also qualify as conspiracy.

    Of course, since the RIAA and MPAA are the largest rackeetering organizations on the planet, the chances of any ACTUAL legal wetwork is minimal.

    PROTECT THE CHILDREN!

    STOP THE TERROR!

    (Insert new buzzword scapegoat here)!

    link to this | view in chronology ]

  • identicon
    Anon coward, 1 Feb 2010 @ 1:13pm

    The Anti-Mike said:" "saying it was her own fault for having an open WiFi network, suggesting there's something inherently wrong with sharing your WiFi." There is nothing wrong with sharing you WiFi, but it's like letting someone else drive your car. Don't be shocked if you get a bunch of parking tickets or you car gets seized at the border full of pot or illegal aliens. " Last time I bought a Car it had a key that belonged only to me... my router... not! Maybe the router companies should ship their hardaware with preset random passwords...

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Feb 2010 @ 1:31pm

      Re:

      Last time I bought a Car it had a key that belonged only to me...

      Oh? How do you know?

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Feb 2010 @ 1:16pm

    Customers should be quiet and obedient when they are reamed. They have no other purpose but to sweat money for my Swiss bank account
    /sarc

    link to this | view in chronology ]

  • icon
    Jimr (profile), 1 Feb 2010 @ 1:35pm

    Humm...so Google was never hacked... it was their fault there data and email accounts where compromised? It is there business so they should have protected it?

    If a billion dollar tech company, Like Google, can not have 100% security what hope in hell does the average Joe have?

    Given security holes in windows the ISP should just cut you off because you are running windows. After all you should protect yourself and not run such a inferior OS. Given that any OS may have unknown security hole they should just cut everyone off.

    link to this | view in chronology ]

  • identicon
    Freedom, 1 Feb 2010 @ 2:02pm

    Middleman...

    The core issue with this is that the ISP is being put in a middle-man position. They can't win but get blamed for beating up on poor dumb Grandma.

    Take the ISP out of it and put the blame where it belongs - let the accuser go after the IP owner with proof and in a court where this belongs and things get a lot clearer.

    Either way, her issues remains and it is in her best interest to ensure her home network doesn't abused.

    Freedom

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Feb 2010 @ 2:13pm

      Re: Middleman...

      Either way, her issues remains and it is in her best interest to ensure her home network doesn't abused.

      Well, yeah, like it's also in rape victim's best interest to ensure they don't get raped.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Feb 2010 @ 2:14pm

    To everyone repeating the same "kicking grandma without proof" nonsense, they didn't. They had proof. The activity was coming from her account, her IP. Is that proof that Grandma herself was personally infringing? No, but they didn't take actions against Grandma's computer, they took actions against Grandma's account. The infringing account had action taken against it, and that's not nearly as unfair or crazy as some of you seem to think. They took action at the lowest segment of their network that they could to stop the infringement, which meant Grandma's home network got cut off. It's not the ISP's job to care exactly what(or whose) computer is infringing, it's their job to identify what account on their network is infringing, and take steps to correct it.

    Would it be *nice* of them to try to help Grandma identify the unauthorized use of her personal network? Probably. Is that their responsibility? No.

    Your home network is Your responsibility, not the ISPs. If you are able to hand that responsibility off to some other company or consultant by having them take care of it for you, that's great, but when grandma buys a router for $40 at Staples and thinks that she's a qualified network administrator, she might experience the consequences. It's nothing personal grandma, it's just the way it is.

    It is NOT the ISPs responsibility to know WHO is requesting information on grandma's account. It doesn't matter if it's grandma, or the punk that lives next door leeching her wireless, they service the account and they punish the account.


    Think of it like this. Let's say you have an e-mail address. Unbeknownst to you, someone else has your e-mail password and not only do they check your e-mail, but they generate e-mail of their own. Including sending messages to less than reputable people, your coworkers, friends, family, etc. They actually go and say some pretty mean things, and call your boss names and harass family members. Now, let's say you get fired for the outbursts toward coworkers, creating hostility, etc. Not only were you fired, but close family members are now upset at the things that 'you' said, and there's some chaos in the air. People don't like you too much right now.

    Now, that totally sucks that you got fired. And you can go and explain that it wasn't you that sent them, and with proof a reasonable organization would probably hire you back, expecting you to prove it wasn't you and taking steps to ensure that this doesn't happen again. Yes, you would likely be expected to prove that it wasn't you. Because the authentication in the first place (e-mail credentials) acts as the first set of proof that it Was you.

    Would you blame the organization? Because to them, it was YOU doing outrageous things, and they had to take action. Would you blame your family for being hurt/upset? Someone with your credentials, with your access. It looked like it was you doing it, and it's unreasonable to think that they should have just instantly known it wasn't you. You had a responsibility to keep your credentials private, and in failing you may have hurt (or at very least confused) those around you.



    It is the user's responsibility to keep their home network secure. Yes, there are a million people that know Nothing about how to do that, and many try to do it themselves anyway. Yes, most home networks are incredibly easy to crack into (less than 5 minutes with the right tools). But that doesn't mean the responsibility isn't there, and that doesn't mean there aren't real consequences to failing that responsibility.


    Is trying to blacklist her probably overboard? Of course. But then again, it's probably nothing personal and just the end result of some rule in some company policy manual somewhere. There are always situations which need unique consideration which is robbed by blindly following company policies, but unfortunately the people who make the policies tend to not encounter these situations personally unless there's a lawsuit involved.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Feb 2010 @ 2:22pm

      Re:

      To everyone repeating the same "kicking grandma without proof" nonsense, they didn't. They had proof.

      Says who, my little shilling friend?

      The activity was coming from her account, her IP. Is that proof that Grandma herself was personally infringing? No, but they didn't take actions against Grandma's computer, they took actions against Grandma's account.

      No, they took action against *Grandma*. Or would you have believe that they would have been perfectly willing to let *Grandma* open a new account (even while they blacklisted her with other providers)?

      Man, you industry shills really take the cake.

      link to this | view in chronology ]

      • identicon
        The AC you responded to above, 1 Feb 2010 @ 4:55pm

        Re: Re:

        You don't have to be a shill to say that the activity on grandma's network is her responsibility, even if she's not educated/equipped to properly deal with it. In fact, I've never even been a satisfied customer when it comes to ISPs. But I do know networking, and the responsibility of the actions within the home network belongs to the owner of said network.


        It would be absolutely damning if there were documents called Terms of Service, and Acceptable Use Policies that define certain activities which are prohibited and define who is responsible for the actions of the account.


        I bet the ISP is evil yet again, because grandma agreed to terms without reading them. Say what you want about contracts and ToS and big business, and all that crap that you conspiracy folk like to do, that doesn't mean the company wasn't within their rights to act how they did.


        As someone pointed out earlier, this story is only here because of the cute "grandma" spin to it. I don't see a story here every time someone has their "identity stolen" and suffers some true hell and ruin. Much more important stories, but not nearly as much fun for you guys to cry about.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 1 Feb 2010 @ 6:22pm

          Re: Re: Re:

          "I don't see a story here every time someone has their "identity stolen" and suffers some true hell and ruin. Much more important stories, but not nearly as much fun for you guys to cry about."

          When you run Techdirt, you can pick the stories. Until then, try starting your own blog (that I doubt anyone but yourself would read).

          link to this | view in chronology ]

        • identicon
          Anonymous Coward, 1 Feb 2010 @ 6:28pm

          Re: Re: Re:

          You don't have to be a shill to say that the activity on grandma's network is her responsibility,...

          But it sure helps, doesn't it?

          link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Feb 2010 @ 2:26pm

      Re:

      "Think of it like this. Let's say you have an e-mail address. Unbeknownst to you, someone else has your e-mail password... blah blah blah..."

      Think of it like this. Let's say you have a car. Someone steals your car and uses it to commit a crime...

      link to this | view in chronology ]

      • identicon
        The AC you responded to above, 1 Feb 2010 @ 5:05pm

        Re: Re:

        You're not very good at the Metaphor thing.

        The e-mail metaphor is much, Much more fitting. It's not physical theft that's the issue here, it's not someone's house being broken into. The issue at hand is a matter of mistaken/"stolen" identity, which is what the e-mail metaphor demonstrates. I suggest you read it again.

        As the question above asked, could you blame your employer for taking corrective actions when they believed that you were acting inappropriately and in a way that required corrective actions?

        Grandma has a responsibility for the security of the account, and she failed that responsibility. Some kid used her account to act in a way that violated the ToS and AUP of the company, so they shut down the account to stop the violating actions.




        Or, if you're absolutely stuck on the "car" metaphor, at least get it right. This is much more as though someone with the same model/color car as you made a copy of your license plate and was caught by a redlight camera. The police writing the ticket don't necessarily know who's driving (downloading), but they're going to write the ticket to the registered owner of that license plate.

        Do you blame the cops for not knowing that it grandma in the driver seat? ...I really hope not.


        The difference in this latest metaphor being that, in this imaginary case, it's not the grandmother's fault for the mix-up. In the real case, the grandmother has accepted the responsibility for all actions on the account (according to their ToS and AUP), and failed to secure it.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 1 Feb 2010 @ 6:40pm

          Re: Re: Re:

          You're not very good at the Metaphor thing.

          I rather think that you just don't like metaphors that don't go your way.

          Now let's say that her stolen car was used in a drive-by shooting resulting in a capital murder.

          Do you blame the cops for not knowing that it grandma in the driver seat? ...I really hope not.

          So, the cops should automatically charge her and should she be executed on the mere basis of an accusation with no due process, eh? Yeah, I can see that's what you would hope for. You people are scary.

          link to this | view in chronology ]

          • identicon
            The AC you responded to above, 1 Feb 2010 @ 7:15pm

            Re: Re: Re: Re:

            You need to learn how to think in logical steps, and not wild jumps.

            I explained why the metaphor used is faulty (ie, this is not physical theft, but mistaken identity), and you still can't figure it out.

            But let's assume, for a second, that we *HAVE* to stick with your weak metaphor. Think about it one step at a time and you'll still justify the actions taken:



            Let's say someone steals her car and uses it in a drive-by shooting, resulting in a capital murder. There's a photograph (ISP logs) connecting her car to scene the murder. Would the cops be wrong to show up at her door and take her into the station for questioning?

            So what would be the end result? They question her, she claims her car was stolen before hand, and some sort of evidence of this claim is substantiated before she's in the clear and they keep looking. Grandma lives, hurray!



            In this case, there's no obligation to see if grandma was shooting or not, as it is the ACCOUNT OWNER that is responsible via the traffic and terms of service, NOT the person. This is why this metaphor is so poor. They didn't come to grandma's house and destroy her ability to use the internet ever again anywhere, they disabled the account that was violating the policy. And where she had agreed to full responsibility for the actions of her account, there is no similar agreement with possession of a car (not to mention that the car isn't the thing responsible for the murder, but the gun is, so a hit-and-run would have made more sense).


            It's been cleared up. Grandma has her internet back (and an attorney, thanks to our sue-happy society) after they've concluded that she wasn't the one doing it. Network compromise was blamed and presumably grandma should have it fixed. In metaphorical terms, she was found not guilty and returns to the streets.



            People have their "identities stolen" (I fully agree that it ought to be called "bank robbery" and treated as such instead), very often, and the effects can literally destroy lives and cause major problems for the victims. But hey, who cares about that....this lady almost had her internet shut off due to a similar problem of stolen credentials that she helped create (by having an insecure network)

            link to this | view in chronology ]

            • identicon
              Anonymous Coward, 1 Feb 2010 @ 7:33pm

              Re: Re: Re: Re: Re:

              You do realize that the majority of networks in the future will be insecure, right?

              link to this | view in chronology ]

              • identicon
                The AC you responded to above, 1 Feb 2010 @ 7:44pm

                Re: Re: Re: Re: Re: Re:

                The majority of networks *at present* are insecure. This is not news, but it does not absolve network owners of the consequences of their traffic.


                So, Yes, I realize that the majority of networks in the future will be insecure as well.

                link to this | view in chronology ]

            • identicon
              Anonymous Coward, 1 Feb 2010 @ 8:00pm

              Re: Re: Re: Re: Re:

              So what would be the end result? They question her, she claims her car was stolen before hand, and some sort of evidence of this claim is substantiated before she's in the clear and they keep looking.

              They didn't question her. They summarily executed her on an accusation. And there wasn't even a "photograph", just someone's *claim* that they saw her license plate at the scene.

              Grandma lives, hurray!

              In the afterlife. What great justice. Kill 'em all and let God sort 'em out, huh?

              It's been cleared up. Grandma has her internet back

              Only because she got "special" attention that raised her from the dead. That's not how it works for most people.

              link to this | view in chronology ]

    • icon
      Mike Masnick (profile), 1 Feb 2010 @ 3:22pm

      Re:

      To everyone repeating the same "kicking grandma without proof" nonsense, they didn't. They had proof.

      No, that is incorrect. They had an IP address. That is not proof of very much at all. Is it possible that there was an issue on her account? Yes, perhaps, but that is not proof.

      The infringing account had action taken against it, and that's not nearly as unfair or crazy as some of you seem to think.

      When it punished an innocent person, why yes, that does seem quite unfair.

      It's not the ISP's job to care exactly what(or whose) computer is infringing, it's their job to identify what account on their network is infringing, and take steps to correct it.

      No, that is not an ISPs job at all. They have no legal responsibility to do so at all.

      Would it be *nice* of them to try to help Grandma identify the unauthorized use of her personal network? Probably. Is that their responsibility? No.

      Would it be *nice* of an ISP to act as copyright cop for an obsolete industry? Probably. Is that their responsibility? No.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 1 Feb 2010 @ 4:23pm

        Re: Re:

        It's also not in their financial interest to do so, short of changing the law.

        link to this | view in chronology ]

      • identicon
        The AC you responded to above, 1 Feb 2010 @ 5:46pm

        Re: Re:

        I would expect that Qwest has at least basic logging enabled. Is that an unfair assumption? The tech, in their e-mail response, showed the user all the IP's that'd been assigned in the last 30 days for her account, so I don't think this assumption is unfounded. If you don't think that the ISP can verify the likelihood of the *18* different accounts of downloading copyrighted materials, then I believe you underestimate the information available to your ISP.

        For those who don't know, everything that you do online, every connection you make, every packet you send or receive, can be monitored/logged/etc through your ISP. Now, I think it's fair to say that for the most part they don't log most things, and mostly don't care. But after 18 accusations of violating actions on her account, I would venture a guess that they were able to actually verify the activity. Call me a shill if you wish, but it's hardly crazy talk.




        I think it's a bit of a stretch to call her "innocent" in this case. I love grandmothers as much as the next guy. Heck, I still have one left and I love her. But when this grandma failed to secure her network, "innocence" becomes a little fuzzy. She agreed to take responsibility for all actions under her account, and as soon as they held her to this she flipped out. Yes, her account abuse was not intentional on her part, but ignorance is no excuse for a failure to meet the responsibilities you agreed to. If you're not able to run a network correctly, you shouldn't run one at all.



        "No, that is not an ISPs job at all. They have no legal responsibility to do so at all."

        You may be right here. They may have no legal responsibility to do so. However, you'll notice the e-mail posted on the article has 'DMCA' in the title, which may be an indication that the account was not only downloading content, but also disseminating it (peer to peer being very likely here). Depending on the actual traffic that was present, they may in fact had a legal responsibility to disable the account.

        Regardless of whether they "have to" take action on the matter, they do have Acceptable Use Policies and Terms of Service, which give them the legal right to take actions against users who violate these policies. They may not be obliged to act at all on this matter, but it generally is the ISP's job to enforce its terms and policies, which is precisely what it did here. I have no idea why you guys think this is a problem.



        It's not like they're randomly picking on this lady. This lady agreed to full responsibility for the actions of her traffic ("her traffic" defined as all traffic to her account, in this case her unsecured network). This traffic violated the policies of the service provider. The provider took action against her account for violating these policies. It's unfortunate that this grandmother's network was compromised, and I hope she gets that taken care of. But this is hardly big bad corporate america beating up on some innocent old lady just for giggles.



        But of course, this site especially loves to bash and laugh at the recording/movie industry representatives, so this is just another change to get a dig in. I don't really care about those industries, as I listen to Pandora radio at work and rarely go to see movies, but this site is always super quick to get some kind of dig in on them. Those old antique idiots protecting their money! They suck!

        However, keep in mind that the source really doesn't matter here, except to help ensure bashing. If I were your neighbor and I knew that you were constantly breaking the terms of your service and reported you 18 times for it, and the ISP could verify the violations, it would probably generate similar actions against your account.

        link to this | view in chronology ]

        • identicon
          Another AC, 1 Feb 2010 @ 6:35pm

          Re: Re: Re:

          It's nearly impossible to take you seriously when you spew out such nonsense as has been consistently debunked on this website. An IP is not proof, it can be spoofed. Logging doesn't help that matter in the least. Show me where it does.

          As to DMCA requiring the ISP to act? It does not. It requires the owner of the account to act. Maybe. If you can prove it. The ISP's actions are their own, and just serve to piss off their customers.

          link to this | view in chronology ]

          • identicon
            The AC you responded to above, 1 Feb 2010 @ 7:42pm

            Re: Re: Re: Re:

            That's an interesting idea. Spoofing IPs isn't necessarily rocket science, when it comes to compromised (or perhaps just intentionally evil) mail servers, or the use of a 3rd party proxy. If you think, however, that the ISP can't keep track of the IPs and routers/modems that it owns as part of its direct network, then I'm afraid I have to believe you're just grasping at the smallest of the smallest possibilities for an excuse to save grandma. Throw in that there were 18 different complaints, which very likely were not *all* to the same exact IP but were all linked to her account, and you've got such a tiny chance here. Not impossible, that's true, but improbable.

            Throw in logs of traffic/connections, and you'd have plenty of evidence to prove if the accusation is accurate or not. Regardless of what the rest of the world sees, internal logs can show whether said traffic was going to grandma's modem or not.

            Unless you think that the ISPs internal routers and name servers were hacked to specifically set grandma up. This is an interesting theory.



            Your approach to DMCAs is very interesting, and works to prove your (lack of) knowledge and experience. ISPs take down sites every day upon receiving DMCAs, then allowing the account owner to refute the claim if they want, possibly getting the content re-enabled.

            As an easy example of how misinformed you are, you are suggesting that YouTube videos are taken down by account owners after YouTube e-mails them to let them know that they accidentally infringed on copyrights and that the rightholder sent a DMCA.


            Reality is, buddy, that the service provider takes down content immediately to cover their own asses (OCILLA), and only after an appeal will contested content be re-enabled. In this case, it wasn't a website that was infringing, but the traffic on her account that may have needed to be disabled (depending on whether or not there was a valid DMCA in this case, which we're still somewhat speculating on).


            Please go read the DMCA and OCILLA articles on wikipedia to get your feet wet before you jump in and drown.

            link to this | view in chronology ]

            • icon
              nasch (profile), 2 Feb 2010 @ 8:02am

              Re: Re: Re: Re: Re:

              Reality is, buddy, that the service provider takes down content immediately to cover their own asses

              Take down content, yes. I have never heard of a provision of the DMCA or any other US law requiring ISPs to cut off internet access.

              According to Wikipedia:

              "DMCA Title II, the Online Copyright Infringement Liability Limitation Act ("OCILLA"), creates a safe harbor for online service providers (OSPs, including ISPs) against copyright liability if they adhere to and qualify for certain prescribed safe harbor guidelines and promptly block access to allegedly infringing material (or remove such material from their systems) if they receive a notification claiming infringement from a copyright holder or the copyright holder's agent. OCILLA also includes a counternotification provision that offers OSPs a safe harbor from liability to their users, if the material upon notice from such users claiming that the material in question is not, in fact, infringing. OCILLA also provides for subpoenas to OSPs to provide their users' identity."

              Nothing about removing internet access from a user. If there is something in the law I have missed please point it out, but I'm pretty sure the DMCA has nothing to do with this situation and Qwest decided to take this action of their own free will, with no legal obligation to do so.

              It is almost certainly within their rights to do so, but that does not make it ethical or smart.

              link to this | view in chronology ]

        • icon
          Mike Masnick (profile), 1 Feb 2010 @ 10:31pm

          Re: Re: Re:

          I think it's a bit of a stretch to call her "innocent" in this case. I love grandmothers as much as the next guy. Heck, I still have one left and I love her. But when this grandma failed to secure her network, "innocence" becomes a little fuzzy. She agreed to take responsibility for all actions under her account, and as soon as they held her to this she flipped out. Yes, her account abuse was not intentional on her part, but ignorance is no excuse for a failure to meet the responsibilities you agreed to. If you're not able to run a network correctly, you shouldn't run one at all.

          This is simply untrue. Section 230 of the CDA makes it clear that the network operator is not liable for the actions of users on the network. Why do you suddenly want to assume otherwise?

          But of course, this site especially loves to bash and laugh at the recording/movie industry representatives, so this is just another change to get a dig in. I don't really care about those industries, as I listen to Pandora radio at work and rarely go to see movies, but this site is always super quick to get some kind of dig in on them. Those old antique idiots protecting their money! They suck!

          Weird. This is simply untrue and an odd and vaguely moronic statement. We spend an awful lot of time showing success stories in the entertainment industry. We have no interest in getting "digs" in. But we will point out activity that we believe is wrong. You can disagree but to suggest questionable motives is ridiculous.

          Is that really the best you can do?

          link to this | view in chronology ]

          • icon
            The Anti-Mike (profile), 2 Feb 2010 @ 4:05am

            Re: Re: Re: Re:

            Mike, how the heck can you think that an end user suddenly qualifies for 230 protection? An internet connection (private) is the end of the line. It's like a phone. If you allow anyone and everyone to make long distance calls on your phone, you are responsible. If you allow people to access the internet via your private (non-commercial) connection, you are responsible in the same manner.

            Attempting to stretch 230 into this the reason why 230 will in the end fail, because people like you attempt to apply it where it doesn't apply at all.

            link to this | view in chronology ]

            • icon
              PaulT (profile), 2 Feb 2010 @ 4:58am

              Re: Re: Re: Re: Re:

              Funny how you chose to answer a post made by Mike 6 hours previously rather than address any of the pwnage you experienced elsewhere in the thread. Anyway...

              "An internet connection (private) is the end of the line."

              No, it's not. The *entire purpose* of a wireless router is to broadcast data to other machines. It is not the terminating device, and therefore is not the same thing as a telephone. It's more like a telephone exchange.

              "If you allow people to access the internet via your private (non-commercial) connection, you are responsible in the same manner."

              If you give express permission and have knowledge of what they are going to do, yes. If it is hacked without your knowledge, no. Go and enjoy your super-secure WEP connection before someone shows you how dumb you are on this issue.

              link to this | view in chronology ]

            • identicon
              Anonymous Coward, 2 Feb 2010 @ 6:56am

              Re: Re: Re: Re: Re:

              Mike, how the heck can you think that an end user suddenly qualifies for 230 protection? An internet connection (private) is the end of the line. It's like a phone.

              This Anti-Mike person is a real idiot.

              link to this | view in chronology ]

    • icon
      Richard (profile), 1 Feb 2010 @ 4:37pm

      Re:

      They had proof. The activity was coming from her account, her IP.

      What you call proof was generated by software.
      All software has bugs in it.
      I'll say that again:
      All software has bugs in it.

      I have seen some interesting research that demonstrates that mission critical software from some of the largest companies on the planet has bugs in it that affect it's main outcomes.

      So what they have might be evidence but it is not proof.

      To get something like proof you need to forensically analyse her machine. As for whether someone hijacked her wireless network - well that's just a conjecture suggested by her accusers to explain how it's her fault she was falsely accused rather than theirs.

      link to this | view in chronology ]

      • identicon
        The AC you responded to above, 1 Feb 2010 @ 6:12pm

        Re: Re:

        While "all" is obviously incorrect, I will totally concede that an awful lot of software does contain bugs. And yes, there are most probably bugs in mission critical software. Absolutely!

        Unfortunately, bugs in mission critical software doesn't really mean anything in regards to this situation. Unless you feel that the presence of bugs in certain mission critical software proves that all of the logs and forensics available to this ISP are inaccurate, fabricated or unreliable? That's a pretty wild jump, in my opinion.

        If I say that I can do a backflip, but you say that "most people can't", does that really prove that I can't? This is how your argument sounds so far....a bit weak.


        Secondly, you say that it "...might be evidence but it is not proof." The primary definition of "proof" is (taken from merriam-webster.com) "the cogency of evidence that compels acceptance by the mind of a truth or a fact." Most people are not nearly as cynical as you, and trust that there's at least *some* reliability to the logging and forensics available to ISPs, and as such these logs do constitute proof. It's the whole "reasonable doubt" thing...



        Finally, you suggest that you would have no proof without forensically analyzing her machine. This is incredibly false, for a number of reasons. I'll number them:

        1) The violations were in the traffic itself, not the end user. It doesn't matter what is or isn't on her personal computer, the 18 separate accusations were that "this IP is transmitting illegal content (and violating the policies of the ISP in the process)".

        2) What remains on her computer now is not forensically significant. Content can be deleted. And contrary to what you may see in the movies, it is possible to erase something from disk to the point where even the most sophisticated equipment on earth cannot recover it (not that the ISP would have access to any of these methods, or the ability to get a warrant to confiscate her computer for analysis).


        So what is forensically significant? How about logs of 18 different accusations of policy violations? It only takes 1 verified incident to justify a response in line with the terms and conditions of the service. But you think they're all made up and unreliable. You shouldn't respond to this then, because I didn't even write any of this. It's all just an anomaly in TechDirt's database that coincidentally looks like proof that someone wrote this. Besides, TechDirt's database is probably much less reliable than an $13 Billion ISP's service logs. This post is probably just a bug, damn thing.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 1 Feb 2010 @ 8:12pm

          Re: Re: Re:

          "Unfortunately, bugs in mission critical software doesn't really mean anything in regards to this situation. Unless you feel that the presence of bugs in certain mission critical software proves that all of the logs and forensics available to this ISP are inaccurate, fabricated or unreliable? That's a pretty wild jump, in my opinion."

          First of all, you are assuming that the ISP has sufficient evidence to prove wrongdoings on her account. Perhaps there is and perhaps there isn't, but isn't that the purpose of due processes to decide instead of just the ISP or the RIAA/MPAA and their influence on the ISP? If they have evidence why not present it in court and present it as part of the due process section. It wouldn't be good if cops could just declare that they had enough evidence to punish someone and if they could just decide to punish them on such basis without due processes.

          link to this | view in chronology ]

        • identicon
          :), 2 Feb 2010 @ 12:15am

          Re: Re: Re:

          Logs from the ISP mean little when they don't have the absolute ability to distinguish real from bogus.

          Hacking Cable Modems for Fun and Profit

          Cable Modem Hacking Goes Mainstream

          Hacking routers did go mainstream and is in the realm of fantasy land any more is real and the way to do it is spoofing the MAC address which would say to the other machine that you are their costumer but it wouldn't tell you from where it was just a general area and because ISP's super oversubscribe you got 1000's of suspects not hundreds.

          Logs in ISP are not forensic evidence and should never be accepted as such as they are unreliable, they are not DNA evidence, they are not fingerprint evidence of any kind, they can generate leads but in no way ascertain anything and those who think they could I hope are not IT manager but just ignorant people who don't understand what they are using.

          link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Feb 2010 @ 8:23pm

      Re:

      "Now, that totally sucks that you got fired. And you can go and explain that it wasn't you that sent them, and with proof a reasonable organization would probably hire you back, expecting you to prove it wasn't you and taking steps to ensure that this doesn't happen again. Yes, you would likely be expected to prove that it wasn't you. Because the authentication in the first place (e-mail credentials) acts as the first set of proof that it Was you."

      You're being an idiot, I think most people know that computer viruses DO get on peoples computers and so does spyware and keyloggers. I think most people, including family members and friends and those who work for the organization, would know that the account has been hacked, especially if you have a reputation of being

      A: computer illiterate
      B: Not the type of person who would say mean things.

      I don't think you would have to require much proof. Back when I was a little kid, when I had AOL, I've had my AOL account hacked by people who used it illegally and AOL didn't question it and they're strangers. I've known people who have had their accounts hacked by trojans and their account sent me the same trojan and I knew it wasn't them. They just explained their account was hacked and I, and everyone, believed them. It happens and everyone knows it.

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 1 Feb 2010 @ 8:23pm

        Re: Re:

        Come to think of it Grandma probably had a trojan on her computer.

        link to this | view in chronology ]

        • identicon
          Anonymous Coward, 1 Feb 2010 @ 8:25pm

          Re: Re: Re:

          but even if grandma DID have a trojan on her computer, which is likely (being she probably doesn't know much about computers and it doesn't seem like she needed the wifi), the person responsible should be whoever hacked her computer.

          link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Feb 2010 @ 8:28pm

      Re:

      "It is the user's responsibility to keep their home network secure."

      The fact that people should lock their doors does not mean that they are at fault if someone breaks in, steals a gun, and shoots someone else with it. The person committing the crime is responsible, not the person who didn't lock their house with bulletproof glass and steel cages, etc...

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 1 Feb 2010 @ 8:48pm

        Re: Re:

        "The fact that people should lock their doors does not mean that they are at fault if someone breaks in, steals a gun, and shoots someone else with it."

        But what if they leave the gun loaded and laying in the front yard? In other words, what if they use Windows?

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Feb 2010 @ 8:34pm

      Re:

      "Is trying to blacklist her probably overboard? Of course. But then again, it's probably nothing personal and just the end result of some rule in some company policy manual somewhere. There are always situations which need unique consideration which is robbed by blindly following company policies, but unfortunately the people who make the policies tend to not encounter these situations personally unless there's a lawsuit involved."

      Personally, I don't mind ISP's having (just about) any policy they want, PROVIDED (and this is KEY) the government doesn't in any way restrict competition. Unfortunately the government DOES restrict competition (ie: by granting cableco/telco monopolies) and as such the government SHOULD absolutely regulate company policy to some extent to ensure that due process is in order. The ISP's should not have it both ways, there should not be both government restrictions on competition AND no regulation to on company policy. Unregulated government restrictions on competition is not acceptable. In a FREE market if one ISP wants to cooperate with the MPAA/RIAA then I can easily switch to another.

      Also, that does not mean that the government should create laws punishing ISP's that don't cooperate with draconian IP laws and that don't cooperate with the MPAA/RIAA. That would violate the free market and as such if the government is to create such laws then they should also create laws that ensure customers are subject to due process.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Feb 2010 @ 2:15pm

    Neat how not only does this approach seem to have failed to stop whoever was actually doing the downloading, but that in addition someone who has always paid for content has now resolved not to do so when it's delivered digitally--for fear of more baseless accusations. Which brings us back to the "how does graduated response create more sales?" question.

    Also, in the emails posted by Qwest they right up and said that her IP address was dynamic and had also been used by others. Even without considering the widely-used practice of spoofing (not just IP addresses but also host names and physical NIC addresses) it seems the evidence provided by BayTSP is threadbare. And this is what the grand plan of graduated response is based on? Surely they must know that the ones who are actually doing it aren't getting caught while the ones who end up getting cut off are the only ones who even might have considered paying for content?

    link to this | view in chronology ]

  • identicon
    Anony1, 1 Feb 2010 @ 2:17pm

    Hey TAM, why don't you enlighten us all like you did on the ACTA treaty thread? Oh that's right, I ASKED TWO STRAIGHFORWARD QUESTIONS AND YOU PROCEEDED TO STFU and NOT answer them.

    PEOPLE: DO NOT feed the trolls.
    TAM = TROLL.

    link to this | view in chronology ]

  • identicon
    Dallas IT Guy, 1 Feb 2010 @ 2:27pm

    The ISP is responsible

    I don't know the particulars of her service with QWest, but in many cases (mine included) the ISP owns the router, and is responsible for configuring and managing it.

    The (public) IP address is properly associated with the router, not the computer(s) behind it.

    Therefore, I'd argue that if the ISP owns the router and manages it, they are responsible for securing it.

    link to this | view in chronology ]

  • identicon
    The Anti-Mike, 1 Feb 2010 @ 2:35pm

    I see my stupidity caused some confusion. When I said "There is nothing wrong with sharing you WiFi" I actually meant that anyone sharing their WiFi is a stupid evil criminal who should be arrested and thrown in jail (before they're proven guilty, of course).

    link to this | view in chronology ]

  • icon
    dwind (profile), 1 Feb 2010 @ 3:36pm

    Back to the bsics

    Again, how did BayTSP get her ip address in the first place?
    They have to be sniffing the line somewhere. Unless they have permission from the owner or are a govt. agency with a warrant they are guilty of wiretapping. This is no different from someone listening in on a phone conversation and actually much worse as they are getting all kinds of traffic not just download stuff. Credit card numbers can be flashing by as well as social security numbers medical history, you name it. How do they get away unchallenged?

    link to this | view in chronology ]

    • icon
      compgeek (profile), 1 Feb 2010 @ 3:40pm

      Re: Back to the bsics

      probably by paying off the people who are supposed to challenge them

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Feb 2010 @ 4:32pm

      Re: Back to the bsics

      I believe they get the IP addresses from joining ed2k networks. Basically they'll do what anyone else would do, like install an e-mule client and then do a search for material that the people they're working for have copyrights on. The unravelling starts here, since it's text-based search and it's only the name they're looking for. Of course with an electronic file you can name it whatever you want (it's how malware spreads on those networks). So it may or may not be the thing they (and other users) think it is.

      Once joined to a network, you can see the host names and IP addresses of the other network members you've connected to. The name can be whatever the individual client user wants it to be. The IP address can be spoofed, randomized, whatever. I'm pretty sure that on ed2k (don't use it myself, so I'm not clear on it) a client is connected to all the other clients on a given server even if they don't have the files the client user wants. So there again it's not really proof of anything.

      This is just from the letters I've run across third-hand that came from BayTSP. I've only ever seen reference to files on ed2k networks (the client being used is identified in the letters). The only other things identified are the filename and the IP address, with data from a whois service (which for home users will show their ISP, I'd imagine). Really doesn't tell you anything, and in the end what little they do provide all rests on the assumption that the IP address and the content of the files are genuine.

      link to this | view in chronology ]

      • icon
        dwind (profile), 1 Feb 2010 @ 6:36pm

        Re: Re: Back to the bsics

        Thanks for the explanation. So, the RIAA actually participates in the distribution of files.
        ed2k had to pay $30m to the riaa for copyright violation in 2006.

        link to this | view in chronology ]

      • identicon
        Anonymous Coward, 1 Feb 2010 @ 8:42pm

        Re: Re: Back to the bsics

        "I believe they get the IP addresses from joining ed2k networks."

        You mean you ASSUME such. Remember what happens when you assume. This is why due process is very important.

        Say I worked for a company and I sold widgets. Say grandma sells widgets on the Internet and she competes with me. Now maybe I don't want the competition. What can I do to stop it? Perhaps accuse her of file sharing. Without due process it would be easier for me to block her internet access, especially if I know there will be no due process.

        Sure this is oversimplified but the point is that the lack of due process opens the door to all kinds of abuses. Due processes is important, not mere accusations. You don't know what evidence the ISP has, you're just assuming they had an IP address, etc...

        link to this | view in chronology ]

  • icon
    letherial (profile), 1 Feb 2010 @ 4:46pm

    wow all i got to do to get someone kicked off the internet is accuse them of file sharing, that's fucking awesome, any quest users out there? don't piss me off. :)

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Feb 2010 @ 5:03pm

    Will News.com take a similar interest when the MPAA tries to kick a printer off the internet?

    link to this | view in chronology ]

  • identicon
    :), 2 Feb 2010 @ 12:56am

    Ways ISP logs get it wrong.

    Recently AT&T costumers found a new superpower they could log into other people accounts in many other services, and to this day AT&t doesn't know what did cause its routers to send people other peoples session cookies for unencrypted connections/services.


    Spoofing IP and MAC address is easy and anyone can do it if they know where to look for. you can even spoof your IP using ping but no grandma would know how to do it or at the very least very few grandma geeks exist today.

    Oversubscription is a good thing when is done with judgement but not at the levels done in the U.S., some very real problems that occur are high congestion rates and the need for more server to take load balancing duties this means simply that if someone spoof the MAC address from a router it won't show up at the node logs it could show up further on another node that got to help the other one with the traffic and this have some consequences, which connection is the real one? there is no easy way of knowing which of 2 address is the real one. More because of oversubscription a node is responsible for thousands of routers so the minimum resolution of something is in the thousands a very high number that is sure to cause very low detection rates that give very good cover to people abusing that system(crowd cover).

    Most P2P trackers are poisoning their own networks with fake IP address, where the clients black list those address after not receiving anything from them or receiving garbage, but for people who collect IP's there is no difference unless they go the extra mile and try to download something from that IP. No where people are forcing those accusing them to show how exactly did they collect that data and that is bad.

    Not to mention that faulty equipment can err. Databases get corrupted, humans failure, data entry errors etc.

    So QWEST wants to play hard ball that is fine as long as they assume the consequences of doing so in the future and that could mean a very long list of lawsuits that could range from defamation to negligent behaviour and everything in between.

    They did nothing to find a solution to the problem, they did nothing to trust the person.

    They could have changed the routers and her MAC address, to see if that solved the problem, they could have asked permission to install specialized software at the routers to see if someone was targeting her, They could have temporary tagged her traffic to see if it was true or not, they could have done a dozen things to ensure that that person was really telling the truth or not but they did nothing of the sort, instead they threatened an old lady and said without fear that they would ruin her good name so that she could not get anyone else services that should be actionable and a no brainier in court.

    The ISP did nothing and they are not obliged to do so, but to accuse and have no concrete evidence is just not acceptable and worst to act upon assumptions of guilty without real concrete evidence is just down right criminal.

    link to this | view in chronology ]

  • identicon
    :), 2 Feb 2010 @ 1:30am

    Wirelless.

    Anyone using Wii will not have a WAP to configure as the Wii last I checked and it was a couple of years ago only accepted WEP encryption.

    That is another point, many routers are not secure specially the cheap ones and cannot be because of hardware limitations.

    link to this | view in chronology ]

  • icon
    dwind (profile), 2 Feb 2010 @ 4:46am

    wii accepts WPA2. WEP is worse than useless and should be removed from wireless routers.
    Message of the day
    Where there can be a problem there will be a problem.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Feb 2010 @ 5:11pm

      Re:

      "WEP is worse than useless"

      I agree with this.

      A: It's not secure so it can't be used for security.

      B: It's not open, so it can't be used for as an open access point for businesses (ie: Starbucks and other coffee shops and malls) or anyone to provide free WiFi. The lack of security is better than WEP.

      C: It can give ignorant people a false sense of security which can be dangerous.

      The only use it has is if you're stuck with using a particular device that only supports WEP encryption and you think that some very weak security is better than absolutely none.

      link to this | view in chronology ]

  • identicon
    eddn, 2 Feb 2010 @ 5:09pm

    Q-West kicked another mother off line yesterday

    I'm a computer Tech. in Bend Oregon spending most the day 02/01/2010 checking a client's computer as Q-west had disconnected her servise for file sharing then sent her e-mail no worning just turned off her service she called me after she finaly contacted Q-West reguseting her service be turned back on so she could read the termanation e-mail then forward my company a copy of the e-mails very interesting to say.So aparently it is true and no 3 strikes turmination with out hearing Great going Q-West.
    Now she is asking me what to do with her e-mails from Q-west

    link to this | view in chronology ]

  • identicon
    Jay Morgan, 2 Feb 2010 @ 8:00pm

    Google/MiMTiD

    A small micro blues label filed a lawsuit December 7th, 2009. Their secret weapon is a company named MiMTiD. This dedicated search platform uses their advanced system to track not only every link, they also capture in their database advertising that Google and its partners are running next to illegally downloaded copyrighted materials. Why? Because they take that information to large retailers in the U.S. to show them (the retailers don't know)that their ads are running next to illegal copyrighted materials. I sure knows by now that MiMTiD is crawling the internet looking for every illegal dessiminators and what ads are running. I'm not sure how companies like Walmart will take this type of information since their CD and DVD sales are down 30 to 40%!

    link to this | view in chronology ]

  • identicon
    Jay Morgan, 2 Feb 2010 @ 8:01pm

    Google/MiMTiD

    A small micro blues label filed a lawsuit December 7th, 2009. Their secret weapon is a company named MiMTiD. This dedicated search platform uses their advanced system to track not only every link, they also capture in their database advertising that Google and its partners are running next to illegally downloaded copyrighted materials. Why? Because they take that information to large retailers in the U.S. to show them (the retailers don't know)that their ads are running next to illegal copyrighted materials. I sure knows by now that MiMTiD is crawling the internet looking for every illegal dessiminators and what ads are running. I'm not sure how companies like Walmart will take this type of information since their CD and DVD sales are down 30 to 40%!

    link to this | view in chronology ]

  • identicon
    kristof, 22 Nov 2011 @ 11:35am

    well then....

    recently i also got a 2nd notice for this and had to fill out a form and send it back to get re-activated. if this happens again i am done. I use mediacom, and though im not going to lie, i have in the past downloaded illegal software, the instances that they are referring to, i never downloaded. BAYTSP is the reporting agency. So my questiong to anyone who might know, is there a real way to fight this, because the first time i contacted mediacom just like before, and they did nothing at all. im sure the paper went directly from their mailbox to the shredder.

    i know this is not legit because i was away on a trip with my wife and child. I use a combination of wep and mac blocking. Also, to boot, both of my computers were turned off, and my laptop was with me. checking the logs of my router, i found no evidence of anyone entering it while gone, though not to say someone skilled didnt edit the log. So, this must mean they entered the modem directly then....so do i have any defense?

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.