News.com Prevents Falsely Accused Grandmother Of Getting Kicked Off The Internet By The MPAA
from the but-who-will-protect-anyone-else? dept
One of the problems we've had with the whole "three strikes" concept that would kick people off the internet due to accusations, not convictions, of file sharing, is the fact that we hear all the time about innocent users accused of file sharing. Greg Sandoval, over at News.com recently came across a grandmother who was falsely accused multiple times of file sharing, and her ISP, Qwest, was threatening to kick her off the internet. We had not heard that Qwest had signed on with a "three strikes" program, so it's a bit of news that it's one of the companies who will accept bogus accusations. Not only that, but Qwest even told her that no other provider would grant her service because Qwest would let those other service providers "know her name and what she did." Thanks, Qwest!The problem, of course, was that Cathi Paradiso didn't share any of the movies or TV shows she was accused of sharing, and she works from home as a recruiter -- so losing her internet access would be devastating. But the only way she got Qwest to back down was because Sandoval and News.com became interested in the story and convinced Qwest to look deeper. But if Paradiso hadn't been able to draw attention to herself from the press, she would have had no recourse. There was no one she could appeal to, and no official process to respond to the bogus claims of Hollywood. She got lucky that News.com was willing to pick up her story and contact Qwest, but what about anyone else threatened with bogus notices? Meanwhile, BayTSP, the company whose "evidence" has been shown to be flimsy and easily falsified in the past, stands by accusing her of file sharing, saying it was her own fault for having an open WiFi network, suggesting there's something inherently wrong with sharing your WiFi. Yes, the company stands by its false accusation. Nice company.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: due process, false accusation, file sharing, three strikes
Companies: baytsp, qwest
Reader Comments
Subscribe: RSS
View by: Time | Thread
Insight does this too
I only got one strike from them. If I had to guess (from talking with them), the extra couple strikes they give you are for the benefit of the doubt with respect to open wifi and shared connections. They give you a chance to get informed about those things and how to deal with them, then after that you are on your own. Amusingly, the person I talked with told me several times about how they "have to do this" in order for them not to get in trouble. I might have given him a hard time about that if I didn't know that he was just some random guy reading a script off of his screen.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
There is nothing wrong with sharing you WiFi, but it's like letting someone else drive your car. Don't be shocked if you get a bunch of parking tickets or you car gets seized at the border full of pot or illegal aliens.
At the end of the day, if her internet connection is that important to her, she should protect it.
She was falsely accused multiple times, you would think that maybe she would take a minute to secure her connection.
It's a nice attempt to paint the story as bad (the grandmother angle is so cute!), but the reality is this: She allowed anyone and everyone to use her access, and she is responsible for it.
[ link to this | view in chronology ]
Re: Responsibility
> access, and she is responsible for it.
Not under the law, she isn't.
Qwest may decide to impose that responsibility on their customers-- that's their right-- but that's a decision they may live to regret as those customers vote with their feet and walk away.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
It's amazing how reasonable you can make slapping a victim sound....
"She was falsely accused multiple times, you would think that maybe she would take a minute to secure her connection."
Sigh, perhaps, but it would also stand to reason that after accusing grandma multiple times, the ISP and the firm gathering the data might drop the big bad wolf act and reconsider their method for accusing people....
"She allowed anyone and everyone to use her access, and she is responsible for it."
This is getting dumb. Just because she makes the free choice not to lock up her connection shouldn't render her responsible for what others do. Oh, and going back to earlier in your comment:
"it's like letting someone else drive your car. Don't be shocked if you get a bunch of parking tickets or you car gets seized at the border full of pot or illegal aliens."
That isn't even close to the proper analogy. It's like not LOCKING your car and it gets stolen by someone who uses it to do all the things you said. Grandma is lending out her WiFi...she's just not locking it up. There is and should be no legal requirement to lock up what is yours, and not doing so, as in the case of the car, should not render you responsible for the actions of others.
[ link to this | view in chronology ]
Re: Re:
Going further, maybe Grandma didn't actually know HOW to lock up her wifi. Maybe if someone from Qwest woke up they could have asked her if she needed help.
Assuming that everyone who has internet access is tech savvy really only makes an ass out of everyone.
[ link to this | view in chronology ]
Re:
--- Wrong.. you are implying that she gave permission for someone to use her WiFi. Leaving you car unlocked may be careless, but does not imply permission. Which, is a more accurate analogy of what she did in this case.
"At the end of the day, if her internet connection is that important to her, she should protect it."
--- So, she had it coming by not being savvy enough. Nice logic.
"She was falsely accused multiple times, you would think that maybe she would take a minute to secure her connection."
--- Actually that is a fact under dispute, so don't make the assumption that best suits your flawed argument.
"It's a nice attempt to paint the story as bad (the grandmother angle is so cute!), but the reality is this: She allowed anyone and everyone to use her access, and she is responsible for it."
--- Well, if your house ever gets robbed because you forgot to lock one of your windows or a door, don't bother to call the police or your insurance company to report the loss. It is implied that by leaving it unsecured you gave them permission to take whatever they could. If it was really important to you, you should have locked it, right?
[ link to this | view in chronology ]
Re:
And how do you know she didn't? All the article states is: "and he discovered that her network had been compromised". It never said she had an unencrypted open WiFi network. Only that it was compromised ... she could have had a password that was cracked, a machine within her network could have been hacked or hijacked. Perhaps her ISP gave her a modem with an integrated WiFi router that was enabled without her knowledge.
Though, if you lend out your car, you are responsible for parking tickets, but you aren't responsible if the person robs a bank and uses your car as a getaway car. And if your car is seized for human trafficking, you'll get it back after it's done being used as evidence. You're responsible for civil fines in cases where your property is left in public, but not criminal involvement from other persons using your property.
And regardless, there are easy-to-understand processes in place for dealing with false accusations of parking tickets. You can fight a false accusation in court, and three parking tickets will not terminate your ability to drive a car. This grandmother would not have had any means of recourse had it not been for public outcry.
Government officials recognize that denying convicted felons and sex offenders access to the Internet is too draconian ... yet being accused a couple times of downloading a song or movie using severely faulty identification techniques justifies terminating the ability for someone to function in an increasingly web connected world. That makes so much sense.
Every web site you visit knows your IP address. A little spoofing, a couple e-mails, and The Anti-Mike may not be able to post any more comments to TechDirt for a while.
[ link to this | view in chronology ]
Re: Re:
You guys are amazing.
If the women had an open (or compromised) wireless phone on her phone line and someone ran up thousands of dollars of long distances, you know who would be on the hook, right?
The first time, the phone company might eat it.
The second time, they might eat it to.
The third time, they are going to be less than interested in eating it.
After numerous times, you really think they are going to want to keep paying?
Every web site you visit knows your IP address. A little spoofing, a couple e-mails, and The Anti-Mike may not be able to post any more comments to TechDirt for a while.
I DARE YOU.
[ link to this | view in chronology ]
Re: Re: Re:
Sorry, I don't follow Playground Rules. Just because you dare me doesn't mean I care enough to follow through. :P
AND SHE DIDN'T HAVE AN OPEN WIFI CONNECTION! Read the damned articles. She said she did her best to close it. Qwest sent her a modem with WiFi built-in. She did her best to secure it.
So:
1. Qwest provided the compromised hardware and didn't secure it by default.
2. She did her best to do Qwest's job by securing their hardware.
3. The hardware was compromised.
She didn't even use the WiFi, so I doubt she would have turned it on. She networked her computer to the modem/router directly. It's Qwest's fault for giving out compromised equipment. So why should she suffer for it?
[ link to this | view in chronology ]
Re: Re: Re: Re:
Uh oh, little TAM's gonna poo his pants now.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Also, the companies don't send these wireless units out without putting WEP or similar on them.
Again, if this happened once, it might be something. That it happened over and over again shows someone who wasn't taking care of the situation and wasn't asking for a resolution to an issue. I am sort of amazed that you think someone should not at all be responsible for anything, even as they watched it happen over and over again.
Does Quest have some responsibility? Yes. But the end user has at least part of the responsibility as well.
Oh yeah, I still dare you. You are a big talker, now show us how you do it.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
If they're sending them out with WEP enabled then they are indeed sending them out unsecured.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
its not just for breakfast anymore....
(although, you really should cut back.. you have been binging on it lately)
[ link to this | view in chronology ]
Re: Re: Re:
Part of me wishes that somebody would take you up on the offer. Sadly, we'd not get to witness your impotent rage as you're subjected to the punishments you advocate for others. After all, if your IP address was accused 3 times of the "crime" then you MUST be guilty of something, right?
[ link to this | view in chronology ]
Re: Re: Re:
Those are very dangerous words to use on the internet. Be careful little troll....there are much bigger trolls out there that would be more than happy to take you up on that.
[ link to this | view in chronology ]
Re:
People stopped using it because it stopped working, well your and the industries speil are not working so think you can stop too??
Fail Again... You trying for a trolling record?
[ link to this | view in chronology ]
Re:
"She says she did her best to lock down her network, but she acknowledges that she's not an expert."
So, she was falsely accused AND she had locked down her network. Outside of everyone who wants to get on the Internet having a Masters Degree in Network Security, what is the logical point that she has done enough to protect herself? A smart hacker will break any security, so you just need to live next to a bunch of dumbasses?
[ link to this | view in chronology ]
Re:
Actually we don't know that. (There is no way of knowing it.) The company that accused her is claiming that that must have happened because it sort of gets them off the hook. However it is also more than possible that their system has a bug in it.
[ link to this | view in chronology ]
WiFi Security
Your correlation between letting someone drive your car and her letting others use her WiFi is complete and utter rubbish. If you want a real correlation, it would be more like, her care getting STOLEN because she left the keys in it, and then it being used to commit one of the crimes you listed. While leaving your keys in the car is foolish, it is NOT against the law. A person cannot be held liable for another persons criminal acts unless a iron-clad connection can be made to show that the person not committing the crime knew the crime was being committed or should have known the crime was being committed.
No where in any of these ACCUSATION cases are any of those being punished, are they being charged with a crime and being found guilty of said crime. Nowhere in our Legal System is there room for ACCUSATIONS and Punishment without proving those Accusations in a Court of Law.
What will eventually happen is one of these cases will make it's way to the Supreme Court and all the Justices will find for the accuser. Our Nation is a Nation of Laws, not a Nation of Accusations. Companies that threaten people with Punishment or BlackBalls will be found to have acted without any DUE DILIGENCE or PROCESS, and they will feel the sting of the High Courts ruling in their Pocketbooks when the Court will let stand the HIGH Payout for acting OUTSIDE our Legal System in these matters.
If the RIAA/MPAA want to make these Civil Cases into Criminal Cases then they will find that they will be paying a HIGH PRICE when it comes to falsely accusing and punishing people who DID NOT commit the crimes they are accused of.
As for you, you should seriously do some study on what happens when ANYONE or ANY CORPORATION acts without DUE CAUSE or PROCESS.
[ link to this | view in chronology ]
Re: WiFi Security
[ link to this | view in chronology ]
Re: WiFi Security
[ link to this | view in chronology ]
Re: Re: WiFi Security
[ link to this | view in chronology ]
Re: WiFi Security
"Tool" starts with a "t". HTH. ;-)
[ link to this | view in chronology ]
Re:
Further some more little questions that all IT managers know the answers to:
- What are the steps to change a MAC address.
- What are the steps to hide your MAC address from the network.
- What are the steps to change an SSID.
- Which are the steps to add rules to a firewall.
- What is a DMZ.
- How do you set up a DMZ.
- How do you control access to the OSI layer 7.
- What are the steps required to test your security?
- How do you setup probes to warn you about intrusion?
- How to distinguish normal traffic from attacks.
- How do you install IDS(Intrusion Detection System), NIDS(Network Detection System), HIDS(Host Intrusion Detection System) and which one?
- What are the steps to signing cryptographic public keys?
- Which encryption protocol do you choose?
- How to setup a DNSSEC?
- Which is more secure WEP or WAP?
- What internal address the router uses? it is IPv4 or IPv6?
- What are the steps required to limit the number of wrong password attempts on a router provided by the ISP?
- How do you reset a router?
- How do you reset the password for a router?
- how do you counter MAC spoofing?
- how do you check your firewall configurations?
- how do you check your routers configurations?
- how do you test all of that?
This is not all you have to know to secure your network is just part of it, now how a layman is suppose to know all of that when even for hardened IT personnel is difficult?
[ link to this | view in chronology ]
Re: Re:
"As an end user, you don't need to know".
A standard user, with a wifi set with WEP (default active from the cable or DSL company), with a standard anti-virus, firewall turned on, updated regularly has nothing more they need to know, unless they want to run specialized software.
The rest of your questions are things that end users don't generally need to know. WiFi routers/modem combinations (2wire is a commonly used company for this) are shipped to the user pre-secured already. The Wireless is secured with a significant security key, and the only way to access the modem otherwise is via hard wire. While the wireless key isn't impossible to hack, it's a pretty long key, and the time to test a key is long enough to make brute force hacking a pretty useless way to get in, and most of the tools to hack WEP require that there are active users on it (which there was not in this case). For example, the WEP key (default) on my 2wire is 26 characters. The total clicks required to turn off wireless is 3, and could easily be explained by technical support.
[ link to this | view in chronology ]
Re: Re: Re:
Wow, you *are* dumb. WEP is ridiculously easy to crack. Maybe not for tech idiots like yourself, but anyone can do it in a few minutes with the correct tools.
First result in a Google search (that returned 1,390,000 results despite me somehow mistyping WEP), read it and learn:
http://lifehacker.com/5305094/how-to-crack-a-wi+fi-networks-wep-password-with-backtrack
[ link to this | view in chronology ]
Re: Re: Re:
OMG!
YouTube: Cracking WEP in under 4 minutes
You are the old lady and don't even realize.
[ link to this | view in chronology ]
Re: Re: Re:
If I get a car(PC) exactly like yours and put your plate numbers(MAC) on it and use it to commit crimes would you like to be punished for it? would it be fair?
Cameras on the street showed that your car did it based on the plate numbers(logs of the MAC address).
If someone hijacked your car(PC) and used to do some crimes would you be willing to accept full responsibility for somebody else actions? I doubt that.
How layman's will know they have been hijacked, impersonated or there was some mistake elsewhere if they don't know how things work?
You just proved to everyone here that you know just as much as the old lady and probably would have fallen victim too and could be easily in her situation, and is just luck that you are not.
[ link to this | view in chronology ]
I'm not responsible for you.
[ link to this | view in chronology ]
Responsibility
I wonder what the legal issues are for Qwest to disconnect her without being convicted. Probably little to none, but black-listing her in the industry would definitely qualify for some fun legal work.
On the flip side, she is responsible for her home setup. If the terms and conditions of using Qwest Service states that such abuse is not acceptable, then she really needed to take the steps to ensure her home setup was secure (systems, network, etc.).
It is going to be an interesting world soon. Soooo many IP devices going into each home and so many potential holes to be abused.
I'm also surprised that Qwest which was the only TelCo to stand up to the Government for spying is now in the forefront of tossing folks off the Internet without proof - seems a bit ironic to me.
In the end, sure seems like IPv6 could solve or help this issue - give every device a real IP and then Qwest could easy pinpoint the real cause/device.
Freedom
[ link to this | view in chronology ]
Re: Responsibility
I was wondering about that myself. If she was blacklisted and she sues Quest for libel, or something similar, wouldn't this info all come out and Quest get a huge smackdown?
[ link to this | view in chronology ]
Sue BayTSP for depriving her of income?
[ link to this | view in chronology ]
A Better Response from Qwest
We shouldn't have to worry about such things in an ideal world, but if Qwest is really going to get their panties in a bunch about something as trivial as downloading then they should offer to help her out.
You guys can point your fingers at her and say its her responsibility and everything, but that doesn't mean she knows how.
Or they could take both roads, be helpful and condescending:
http://lmgtfy.com/?q=how+to+secure+a+router
[ link to this | view in chronology ]
[ link to this | view in chronology ]
So, if the accusation was without merit and was passed by BayTSP, isn't that slander? How is that different than me spreading the rumor that YOU have sex with farm animals? It's either slander or libel.
If Qwest then goes and blacklists her, then they are guilty of slander or libel as well with responsibility for any and all loss of income damages.
If they fail to do the proper checks, it should also qualify as conspiracy.
Of course, since the RIAA and MPAA are the largest rackeetering organizations on the planet, the chances of any ACTUAL legal wetwork is minimal.
PROTECT THE CHILDREN!
STOP THE TERROR!
(Insert new buzzword scapegoat here)!
[ link to this | view in chronology ]
Re:
FTFY
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Oh? How do you know?
[ link to this | view in chronology ]
/sarc
[ link to this | view in chronology ]
If a billion dollar tech company, Like Google, can not have 100% security what hope in hell does the average Joe have?
Given security holes in windows the ISP should just cut you off because you are running windows. After all you should protect yourself and not run such a inferior OS. Given that any OS may have unknown security hole they should just cut everyone off.
[ link to this | view in chronology ]
Middleman...
Take the ISP out of it and put the blame where it belongs - let the accuser go after the IP owner with proof and in a court where this belongs and things get a lot clearer.
Either way, her issues remains and it is in her best interest to ensure her home network doesn't abused.
Freedom
[ link to this | view in chronology ]
Re: Middleman...
Well, yeah, like it's also in rape victim's best interest to ensure they don't get raped.
[ link to this | view in chronology ]
Would it be *nice* of them to try to help Grandma identify the unauthorized use of her personal network? Probably. Is that their responsibility? No.
Your home network is Your responsibility, not the ISPs. If you are able to hand that responsibility off to some other company or consultant by having them take care of it for you, that's great, but when grandma buys a router for $40 at Staples and thinks that she's a qualified network administrator, she might experience the consequences. It's nothing personal grandma, it's just the way it is.
It is NOT the ISPs responsibility to know WHO is requesting information on grandma's account. It doesn't matter if it's grandma, or the punk that lives next door leeching her wireless, they service the account and they punish the account.
Think of it like this. Let's say you have an e-mail address. Unbeknownst to you, someone else has your e-mail password and not only do they check your e-mail, but they generate e-mail of their own. Including sending messages to less than reputable people, your coworkers, friends, family, etc. They actually go and say some pretty mean things, and call your boss names and harass family members. Now, let's say you get fired for the outbursts toward coworkers, creating hostility, etc. Not only were you fired, but close family members are now upset at the things that 'you' said, and there's some chaos in the air. People don't like you too much right now.
Now, that totally sucks that you got fired. And you can go and explain that it wasn't you that sent them, and with proof a reasonable organization would probably hire you back, expecting you to prove it wasn't you and taking steps to ensure that this doesn't happen again. Yes, you would likely be expected to prove that it wasn't you. Because the authentication in the first place (e-mail credentials) acts as the first set of proof that it Was you.
Would you blame the organization? Because to them, it was YOU doing outrageous things, and they had to take action. Would you blame your family for being hurt/upset? Someone with your credentials, with your access. It looked like it was you doing it, and it's unreasonable to think that they should have just instantly known it wasn't you. You had a responsibility to keep your credentials private, and in failing you may have hurt (or at very least confused) those around you.
It is the user's responsibility to keep their home network secure. Yes, there are a million people that know Nothing about how to do that, and many try to do it themselves anyway. Yes, most home networks are incredibly easy to crack into (less than 5 minutes with the right tools). But that doesn't mean the responsibility isn't there, and that doesn't mean there aren't real consequences to failing that responsibility.
Is trying to blacklist her probably overboard? Of course. But then again, it's probably nothing personal and just the end result of some rule in some company policy manual somewhere. There are always situations which need unique consideration which is robbed by blindly following company policies, but unfortunately the people who make the policies tend to not encounter these situations personally unless there's a lawsuit involved.
[ link to this | view in chronology ]
Re:
Says who, my little shilling friend?
The activity was coming from her account, her IP. Is that proof that Grandma herself was personally infringing? No, but they didn't take actions against Grandma's computer, they took actions against Grandma's account.
No, they took action against *Grandma*. Or would you have believe that they would have been perfectly willing to let *Grandma* open a new account (even while they blacklisted her with other providers)?
Man, you industry shills really take the cake.
[ link to this | view in chronology ]
Re: Re:
It would be absolutely damning if there were documents called Terms of Service, and Acceptable Use Policies that define certain activities which are prohibited and define who is responsible for the actions of the account.
I bet the ISP is evil yet again, because grandma agreed to terms without reading them. Say what you want about contracts and ToS and big business, and all that crap that you conspiracy folk like to do, that doesn't mean the company wasn't within their rights to act how they did.
As someone pointed out earlier, this story is only here because of the cute "grandma" spin to it. I don't see a story here every time someone has their "identity stolen" and suffers some true hell and ruin. Much more important stories, but not nearly as much fun for you guys to cry about.
[ link to this | view in chronology ]
Re: Re: Re:
When you run Techdirt, you can pick the stories. Until then, try starting your own blog (that I doubt anyone but yourself would read).
[ link to this | view in chronology ]
Re: Re: Re:
But it sure helps, doesn't it?
[ link to this | view in chronology ]
Re:
Think of it like this. Let's say you have a car. Someone steals your car and uses it to commit a crime...
[ link to this | view in chronology ]
Re: Re:
The e-mail metaphor is much, Much more fitting. It's not physical theft that's the issue here, it's not someone's house being broken into. The issue at hand is a matter of mistaken/"stolen" identity, which is what the e-mail metaphor demonstrates. I suggest you read it again.
As the question above asked, could you blame your employer for taking corrective actions when they believed that you were acting inappropriately and in a way that required corrective actions?
Grandma has a responsibility for the security of the account, and she failed that responsibility. Some kid used her account to act in a way that violated the ToS and AUP of the company, so they shut down the account to stop the violating actions.
Or, if you're absolutely stuck on the "car" metaphor, at least get it right. This is much more as though someone with the same model/color car as you made a copy of your license plate and was caught by a redlight camera. The police writing the ticket don't necessarily know who's driving (downloading), but they're going to write the ticket to the registered owner of that license plate.
Do you blame the cops for not knowing that it grandma in the driver seat? ...I really hope not.
The difference in this latest metaphor being that, in this imaginary case, it's not the grandmother's fault for the mix-up. In the real case, the grandmother has accepted the responsibility for all actions on the account (according to their ToS and AUP), and failed to secure it.
[ link to this | view in chronology ]
Re: Re: Re:
I rather think that you just don't like metaphors that don't go your way.
Now let's say that her stolen car was used in a drive-by shooting resulting in a capital murder.
Do you blame the cops for not knowing that it grandma in the driver seat? ...I really hope not.
So, the cops should automatically charge her and should she be executed on the mere basis of an accusation with no due process, eh? Yeah, I can see that's what you would hope for. You people are scary.
[ link to this | view in chronology ]
Re: Re: Re: Re:
I explained why the metaphor used is faulty (ie, this is not physical theft, but mistaken identity), and you still can't figure it out.
But let's assume, for a second, that we *HAVE* to stick with your weak metaphor. Think about it one step at a time and you'll still justify the actions taken:
Let's say someone steals her car and uses it in a drive-by shooting, resulting in a capital murder. There's a photograph (ISP logs) connecting her car to scene the murder. Would the cops be wrong to show up at her door and take her into the station for questioning?
So what would be the end result? They question her, she claims her car was stolen before hand, and some sort of evidence of this claim is substantiated before she's in the clear and they keep looking. Grandma lives, hurray!
In this case, there's no obligation to see if grandma was shooting or not, as it is the ACCOUNT OWNER that is responsible via the traffic and terms of service, NOT the person. This is why this metaphor is so poor. They didn't come to grandma's house and destroy her ability to use the internet ever again anywhere, they disabled the account that was violating the policy. And where she had agreed to full responsibility for the actions of her account, there is no similar agreement with possession of a car (not to mention that the car isn't the thing responsible for the murder, but the gun is, so a hit-and-run would have made more sense).
It's been cleared up. Grandma has her internet back (and an attorney, thanks to our sue-happy society) after they've concluded that she wasn't the one doing it. Network compromise was blamed and presumably grandma should have it fixed. In metaphorical terms, she was found not guilty and returns to the streets.
People have their "identities stolen" (I fully agree that it ought to be called "bank robbery" and treated as such instead), very often, and the effects can literally destroy lives and cause major problems for the victims. But hey, who cares about that....this lady almost had her internet shut off due to a similar problem of stolen credentials that she helped create (by having an insecure network)
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
So, Yes, I realize that the majority of networks in the future will be insecure as well.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
They didn't question her. They summarily executed her on an accusation. And there wasn't even a "photograph", just someone's *claim* that they saw her license plate at the scene.
Grandma lives, hurray!
In the afterlife. What great justice. Kill 'em all and let God sort 'em out, huh?
It's been cleared up. Grandma has her internet back
Only because she got "special" attention that raised her from the dead. That's not how it works for most people.
[ link to this | view in chronology ]
Re:
No, that is incorrect. They had an IP address. That is not proof of very much at all. Is it possible that there was an issue on her account? Yes, perhaps, but that is not proof.
The infringing account had action taken against it, and that's not nearly as unfair or crazy as some of you seem to think.
When it punished an innocent person, why yes, that does seem quite unfair.
It's not the ISP's job to care exactly what(or whose) computer is infringing, it's their job to identify what account on their network is infringing, and take steps to correct it.
No, that is not an ISPs job at all. They have no legal responsibility to do so at all.
Would it be *nice* of them to try to help Grandma identify the unauthorized use of her personal network? Probably. Is that their responsibility? No.
Would it be *nice* of an ISP to act as copyright cop for an obsolete industry? Probably. Is that their responsibility? No.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re:
For those who don't know, everything that you do online, every connection you make, every packet you send or receive, can be monitored/logged/etc through your ISP. Now, I think it's fair to say that for the most part they don't log most things, and mostly don't care. But after 18 accusations of violating actions on her account, I would venture a guess that they were able to actually verify the activity. Call me a shill if you wish, but it's hardly crazy talk.
I think it's a bit of a stretch to call her "innocent" in this case. I love grandmothers as much as the next guy. Heck, I still have one left and I love her. But when this grandma failed to secure her network, "innocence" becomes a little fuzzy. She agreed to take responsibility for all actions under her account, and as soon as they held her to this she flipped out. Yes, her account abuse was not intentional on her part, but ignorance is no excuse for a failure to meet the responsibilities you agreed to. If you're not able to run a network correctly, you shouldn't run one at all.
"No, that is not an ISPs job at all. They have no legal responsibility to do so at all."
You may be right here. They may have no legal responsibility to do so. However, you'll notice the e-mail posted on the article has 'DMCA' in the title, which may be an indication that the account was not only downloading content, but also disseminating it (peer to peer being very likely here). Depending on the actual traffic that was present, they may in fact had a legal responsibility to disable the account.
Regardless of whether they "have to" take action on the matter, they do have Acceptable Use Policies and Terms of Service, which give them the legal right to take actions against users who violate these policies. They may not be obliged to act at all on this matter, but it generally is the ISP's job to enforce its terms and policies, which is precisely what it did here. I have no idea why you guys think this is a problem.
It's not like they're randomly picking on this lady. This lady agreed to full responsibility for the actions of her traffic ("her traffic" defined as all traffic to her account, in this case her unsecured network). This traffic violated the policies of the service provider. The provider took action against her account for violating these policies. It's unfortunate that this grandmother's network was compromised, and I hope she gets that taken care of. But this is hardly big bad corporate america beating up on some innocent old lady just for giggles.
But of course, this site especially loves to bash and laugh at the recording/movie industry representatives, so this is just another change to get a dig in. I don't really care about those industries, as I listen to Pandora radio at work and rarely go to see movies, but this site is always super quick to get some kind of dig in on them. Those old antique idiots protecting their money! They suck!
However, keep in mind that the source really doesn't matter here, except to help ensure bashing. If I were your neighbor and I knew that you were constantly breaking the terms of your service and reported you 18 times for it, and the ISP could verify the violations, it would probably generate similar actions against your account.
[ link to this | view in chronology ]
Re: Re: Re:
As to DMCA requiring the ISP to act? It does not. It requires the owner of the account to act. Maybe. If you can prove it. The ISP's actions are their own, and just serve to piss off their customers.
[ link to this | view in chronology ]
Re: Re: Re: Re:
Throw in logs of traffic/connections, and you'd have plenty of evidence to prove if the accusation is accurate or not. Regardless of what the rest of the world sees, internal logs can show whether said traffic was going to grandma's modem or not.
Unless you think that the ISPs internal routers and name servers were hacked to specifically set grandma up. This is an interesting theory.
Your approach to DMCAs is very interesting, and works to prove your (lack of) knowledge and experience. ISPs take down sites every day upon receiving DMCAs, then allowing the account owner to refute the claim if they want, possibly getting the content re-enabled.
As an easy example of how misinformed you are, you are suggesting that YouTube videos are taken down by account owners after YouTube e-mails them to let them know that they accidentally infringed on copyrights and that the rightholder sent a DMCA.
Reality is, buddy, that the service provider takes down content immediately to cover their own asses (OCILLA), and only after an appeal will contested content be re-enabled. In this case, it wasn't a website that was infringing, but the traffic on her account that may have needed to be disabled (depending on whether or not there was a valid DMCA in this case, which we're still somewhat speculating on).
Please go read the DMCA and OCILLA articles on wikipedia to get your feet wet before you jump in and drown.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
Take down content, yes. I have never heard of a provision of the DMCA or any other US law requiring ISPs to cut off internet access.
According to Wikipedia:
"DMCA Title II, the Online Copyright Infringement Liability Limitation Act ("OCILLA"), creates a safe harbor for online service providers (OSPs, including ISPs) against copyright liability if they adhere to and qualify for certain prescribed safe harbor guidelines and promptly block access to allegedly infringing material (or remove such material from their systems) if they receive a notification claiming infringement from a copyright holder or the copyright holder's agent. OCILLA also includes a counternotification provision that offers OSPs a safe harbor from liability to their users, if the material upon notice from such users claiming that the material in question is not, in fact, infringing. OCILLA also provides for subpoenas to OSPs to provide their users' identity."
Nothing about removing internet access from a user. If there is something in the law I have missed please point it out, but I'm pretty sure the DMCA has nothing to do with this situation and Qwest decided to take this action of their own free will, with no legal obligation to do so.
It is almost certainly within their rights to do so, but that does not make it ethical or smart.
[ link to this | view in chronology ]
Re: Re: Re:
This is simply untrue. Section 230 of the CDA makes it clear that the network operator is not liable for the actions of users on the network. Why do you suddenly want to assume otherwise?
But of course, this site especially loves to bash and laugh at the recording/movie industry representatives, so this is just another change to get a dig in. I don't really care about those industries, as I listen to Pandora radio at work and rarely go to see movies, but this site is always super quick to get some kind of dig in on them. Those old antique idiots protecting their money! They suck!
Weird. This is simply untrue and an odd and vaguely moronic statement. We spend an awful lot of time showing success stories in the entertainment industry. We have no interest in getting "digs" in. But we will point out activity that we believe is wrong. You can disagree but to suggest questionable motives is ridiculous.
Is that really the best you can do?
[ link to this | view in chronology ]
Re: Re: Re: Re:
Attempting to stretch 230 into this the reason why 230 will in the end fail, because people like you attempt to apply it where it doesn't apply at all.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
"An internet connection (private) is the end of the line."
No, it's not. The *entire purpose* of a wireless router is to broadcast data to other machines. It is not the terminating device, and therefore is not the same thing as a telephone. It's more like a telephone exchange.
"If you allow people to access the internet via your private (non-commercial) connection, you are responsible in the same manner."
If you give express permission and have knowledge of what they are going to do, yes. If it is hacked without your knowledge, no. Go and enjoy your super-secure WEP connection before someone shows you how dumb you are on this issue.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
This Anti-Mike person is a real idiot.
[ link to this | view in chronology ]
Re:
What you call proof was generated by software.
All software has bugs in it.
I'll say that again:
All software has bugs in it.
I have seen some interesting research that demonstrates that mission critical software from some of the largest companies on the planet has bugs in it that affect it's main outcomes.
So what they have might be evidence but it is not proof.
To get something like proof you need to forensically analyse her machine. As for whether someone hijacked her wireless network - well that's just a conjecture suggested by her accusers to explain how it's her fault she was falsely accused rather than theirs.
[ link to this | view in chronology ]
Re: Re:
Unfortunately, bugs in mission critical software doesn't really mean anything in regards to this situation. Unless you feel that the presence of bugs in certain mission critical software proves that all of the logs and forensics available to this ISP are inaccurate, fabricated or unreliable? That's a pretty wild jump, in my opinion.
If I say that I can do a backflip, but you say that "most people can't", does that really prove that I can't? This is how your argument sounds so far....a bit weak.
Secondly, you say that it "...might be evidence but it is not proof." The primary definition of "proof" is (taken from merriam-webster.com) "the cogency of evidence that compels acceptance by the mind of a truth or a fact." Most people are not nearly as cynical as you, and trust that there's at least *some* reliability to the logging and forensics available to ISPs, and as such these logs do constitute proof. It's the whole "reasonable doubt" thing...
Finally, you suggest that you would have no proof without forensically analyzing her machine. This is incredibly false, for a number of reasons. I'll number them:
1) The violations were in the traffic itself, not the end user. It doesn't matter what is or isn't on her personal computer, the 18 separate accusations were that "this IP is transmitting illegal content (and violating the policies of the ISP in the process)".
2) What remains on her computer now is not forensically significant. Content can be deleted. And contrary to what you may see in the movies, it is possible to erase something from disk to the point where even the most sophisticated equipment on earth cannot recover it (not that the ISP would have access to any of these methods, or the ability to get a warrant to confiscate her computer for analysis).
So what is forensically significant? How about logs of 18 different accusations of policy violations? It only takes 1 verified incident to justify a response in line with the terms and conditions of the service. But you think they're all made up and unreliable. You shouldn't respond to this then, because I didn't even write any of this. It's all just an anomaly in TechDirt's database that coincidentally looks like proof that someone wrote this. Besides, TechDirt's database is probably much less reliable than an $13 Billion ISP's service logs. This post is probably just a bug, damn thing.
[ link to this | view in chronology ]
Re: Re: Re:
First of all, you are assuming that the ISP has sufficient evidence to prove wrongdoings on her account. Perhaps there is and perhaps there isn't, but isn't that the purpose of due processes to decide instead of just the ISP or the RIAA/MPAA and their influence on the ISP? If they have evidence why not present it in court and present it as part of the due process section. It wouldn't be good if cops could just declare that they had enough evidence to punish someone and if they could just decide to punish them on such basis without due processes.
[ link to this | view in chronology ]
Re: Re: Re:
Hacking Cable Modems for Fun and Profit
Cable Modem Hacking Goes Mainstream
Hacking routers did go mainstream and is in the realm of fantasy land any more is real and the way to do it is spoofing the MAC address which would say to the other machine that you are their costumer but it wouldn't tell you from where it was just a general area and because ISP's super oversubscribe you got 1000's of suspects not hundreds.
Logs in ISP are not forensic evidence and should never be accepted as such as they are unreliable, they are not DNA evidence, they are not fingerprint evidence of any kind, they can generate leads but in no way ascertain anything and those who think they could I hope are not IT manager but just ignorant people who don't understand what they are using.
[ link to this | view in chronology ]
Re:
You're being an idiot, I think most people know that computer viruses DO get on peoples computers and so does spyware and keyloggers. I think most people, including family members and friends and those who work for the organization, would know that the account has been hacked, especially if you have a reputation of being
A: computer illiterate
B: Not the type of person who would say mean things.
I don't think you would have to require much proof. Back when I was a little kid, when I had AOL, I've had my AOL account hacked by people who used it illegally and AOL didn't question it and they're strangers. I've known people who have had their accounts hacked by trojans and their account sent me the same trojan and I knew it wasn't them. They just explained their account was hacked and I, and everyone, believed them. It happens and everyone knows it.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re:
The fact that people should lock their doors does not mean that they are at fault if someone breaks in, steals a gun, and shoots someone else with it. The person committing the crime is responsible, not the person who didn't lock their house with bulletproof glass and steel cages, etc...
[ link to this | view in chronology ]
Re: Re:
But what if they leave the gun loaded and laying in the front yard? In other words, what if they use Windows?
[ link to this | view in chronology ]
Re:
Personally, I don't mind ISP's having (just about) any policy they want, PROVIDED (and this is KEY) the government doesn't in any way restrict competition. Unfortunately the government DOES restrict competition (ie: by granting cableco/telco monopolies) and as such the government SHOULD absolutely regulate company policy to some extent to ensure that due process is in order. The ISP's should not have it both ways, there should not be both government restrictions on competition AND no regulation to on company policy. Unregulated government restrictions on competition is not acceptable. In a FREE market if one ISP wants to cooperate with the MPAA/RIAA then I can easily switch to another.
Also, that does not mean that the government should create laws punishing ISP's that don't cooperate with draconian IP laws and that don't cooperate with the MPAA/RIAA. That would violate the free market and as such if the government is to create such laws then they should also create laws that ensure customers are subject to due process.
[ link to this | view in chronology ]
Also, in the emails posted by Qwest they right up and said that her IP address was dynamic and had also been used by others. Even without considering the widely-used practice of spoofing (not just IP addresses but also host names and physical NIC addresses) it seems the evidence provided by BayTSP is threadbare. And this is what the grand plan of graduated response is based on? Surely they must know that the ones who are actually doing it aren't getting caught while the ones who end up getting cut off are the only ones who even might have considered paying for content?
[ link to this | view in chronology ]
PEOPLE: DO NOT feed the trolls.
TAM = TROLL.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
The ISP is responsible
The (public) IP address is properly associated with the router, not the computer(s) behind it.
Therefore, I'd argue that if the ISP owns the router and manages it, they are responsible for securing it.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Back to the bsics
They have to be sniffing the line somewhere. Unless they have permission from the owner or are a govt. agency with a warrant they are guilty of wiretapping. This is no different from someone listening in on a phone conversation and actually much worse as they are getting all kinds of traffic not just download stuff. Credit card numbers can be flashing by as well as social security numbers medical history, you name it. How do they get away unchallenged?
[ link to this | view in chronology ]
Re: Back to the bsics
[ link to this | view in chronology ]
Re: Back to the bsics
Once joined to a network, you can see the host names and IP addresses of the other network members you've connected to. The name can be whatever the individual client user wants it to be. The IP address can be spoofed, randomized, whatever. I'm pretty sure that on ed2k (don't use it myself, so I'm not clear on it) a client is connected to all the other clients on a given server even if they don't have the files the client user wants. So there again it's not really proof of anything.
This is just from the letters I've run across third-hand that came from BayTSP. I've only ever seen reference to files on ed2k networks (the client being used is identified in the letters). The only other things identified are the filename and the IP address, with data from a whois service (which for home users will show their ISP, I'd imagine). Really doesn't tell you anything, and in the end what little they do provide all rests on the assumption that the IP address and the content of the files are genuine.
[ link to this | view in chronology ]
Re: Re: Back to the bsics
ed2k had to pay $30m to the riaa for copyright violation in 2006.
[ link to this | view in chronology ]
Re: Re: Back to the bsics
You mean you ASSUME such. Remember what happens when you assume. This is why due process is very important.
Say I worked for a company and I sold widgets. Say grandma sells widgets on the Internet and she competes with me. Now maybe I don't want the competition. What can I do to stop it? Perhaps accuse her of file sharing. Without due process it would be easier for me to block her internet access, especially if I know there will be no due process.
Sure this is oversimplified but the point is that the lack of due process opens the door to all kinds of abuses. Due processes is important, not mere accusations. You don't know what evidence the ISP has, you're just assuming they had an IP address, etc...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Ways ISP logs get it wrong.
Spoofing IP and MAC address is easy and anyone can do it if they know where to look for. you can even spoof your IP using ping but no grandma would know how to do it or at the very least very few grandma geeks exist today.
Oversubscription is a good thing when is done with judgement but not at the levels done in the U.S., some very real problems that occur are high congestion rates and the need for more server to take load balancing duties this means simply that if someone spoof the MAC address from a router it won't show up at the node logs it could show up further on another node that got to help the other one with the traffic and this have some consequences, which connection is the real one? there is no easy way of knowing which of 2 address is the real one. More because of oversubscription a node is responsible for thousands of routers so the minimum resolution of something is in the thousands a very high number that is sure to cause very low detection rates that give very good cover to people abusing that system(crowd cover).
Most P2P trackers are poisoning their own networks with fake IP address, where the clients black list those address after not receiving anything from them or receiving garbage, but for people who collect IP's there is no difference unless they go the extra mile and try to download something from that IP. No where people are forcing those accusing them to show how exactly did they collect that data and that is bad.
Not to mention that faulty equipment can err. Databases get corrupted, humans failure, data entry errors etc.
So QWEST wants to play hard ball that is fine as long as they assume the consequences of doing so in the future and that could mean a very long list of lawsuits that could range from defamation to negligent behaviour and everything in between.
They did nothing to find a solution to the problem, they did nothing to trust the person.
They could have changed the routers and her MAC address, to see if that solved the problem, they could have asked permission to install specialized software at the routers to see if someone was targeting her, They could have temporary tagged her traffic to see if it was true or not, they could have done a dozen things to ensure that that person was really telling the truth or not but they did nothing of the sort, instead they threatened an old lady and said without fear that they would ruin her good name so that she could not get anyone else services that should be actionable and a no brainier in court.
The ISP did nothing and they are not obliged to do so, but to accuse and have no concrete evidence is just not acceptable and worst to act upon assumptions of guilty without real concrete evidence is just down right criminal.
[ link to this | view in chronology ]
Wirelless.
That is another point, many routers are not secure specially the cheap ones and cannot be because of hardware limitations.
[ link to this | view in chronology ]
Message of the day
Where there can be a problem there will be a problem.
[ link to this | view in chronology ]
Re:
I agree with this.
A: It's not secure so it can't be used for security.
B: It's not open, so it can't be used for as an open access point for businesses (ie: Starbucks and other coffee shops and malls) or anyone to provide free WiFi. The lack of security is better than WEP.
C: It can give ignorant people a false sense of security which can be dangerous.
The only use it has is if you're stuck with using a particular device that only supports WEP encryption and you think that some very weak security is better than absolutely none.
[ link to this | view in chronology ]
Q-West kicked another mother off line yesterday
Now she is asking me what to do with her e-mails from Q-west
[ link to this | view in chronology ]
Google/MiMTiD
[ link to this | view in chronology ]
Google/MiMTiD
[ link to this | view in chronology ]
well then....
i know this is not legit because i was away on a trip with my wife and child. I use a combination of wep and mac blocking. Also, to boot, both of my computers were turned off, and my laptop was with me. checking the logs of my router, i found no evidence of anyone entering it while gone, though not to say someone skilled didnt edit the log. So, this must mean they entered the modem directly then....so do i have any defense?
[ link to this | view in chronology ]