Motion To Quash Against Copyright Troll Explains How IP Address Does Not ID User
from the will-it-work? dept
That Anonymous Coward alerts us to a recently filed "motion to quash" (pdf) one of the many subpoenas that copyright troll lawyer John Steele has been trying to get courts to issue. After running into trouble convincing judges in his home state of Illinois, it appears that Steele has branched out. This latest involves a lawsuit filed in the Northern District of California, where (unfortunately) Magistrate Judge Howard Lloyd went ahead and allowed early discovery and the issuance of subpoenas. While this is standard in many cases, more and more courts have begun realizing it is not appropriate in these copyright trolling cases where the sole purpose is to identify users to try to pressure them into settling.While there have certainly been many motions to quash, this one made some particularly good points that seemed worth highlighting. First, it explains that IP addresses are not like fingerprints and do not identify a user (my emphasis):
The Third Degree Films complaint and ex parte request for expedited discovery form yet another in a wave of suits in which copyright infringement plaintiffs seek to “tag” a defendant based solely on an IP address. However, an IP address is not equivalent to a person or entity. It is not a fingerprint or DNA evidence – indeed, far from it. In a remarkably similar case in which an adult entertainment content producer also sought expedited discovery to learn the identity of persons associated with IP addresses, United States District Judge Harold Baker of the Central District of Illinois denied a motion for expedited discovery and reconsideration, holding that, “IP subscribers are not necessarily copyright infringers…The infringer might be the subscriber, someone in the subscriber’s household, a visitor with her laptop, a neighbor, or someone parked on the street at any given moment.” Order of Apr. 29, 2011, VPR Internationale v. DOES 1-1017, No. 2:11-cv-02068 (Central District of Illinois) (Judge Harold A. Baker) [hereinafter VPR Internationale Order], attached hereto as Exhibit C. The point so aptly made by Judge Baker is that there may or may not be a correlation between the individual subscriber, the IP address, and the infringing activity. Id. The risk of false identification by ISPs based on internet protocol addresses is vividly illustrated by Judge Baker when he describes a raid by federal agents on a home allegedly linked to downloaded child pornography. The identity and location of the subscriber were provided by the ISP (in the same fashion as Plaintiff seeks to extract such information from Wide Open West.) After the raid revealed no pornography on the family computers, federal agents eventually learned they raided the wrong home. The downloads of pornographic material were traced to a neighbor who had used multiple IP subscribers’ Wi-Fi connections. Id. This risk of false identification and false accusations through disclosure of identities of internet subscribers is also presented here. Given the nature of the allegations and the material in question, should this Court force Wide Open West to turn over the requested information, DOE No. 605 would suffer a reputational injury.Separately, it notes that those using these tactics are using high pressure efforts to get people to pay up to settle:
If the mere act of having an internet address can link a subscriber to copyright infringement suits, internet subscribers such as DOE No. 605 will face untold reputational injury, harassment, and embarrassment. The reputational risk that Judge Baker found to be an undue burden is equally presented here: “[W]hether you’re guilty or not, you look like a suspect.” Id. at 3. Moreover, this case presents the same extortion risk that so concerned Judge Baker:From there, it argues that since an IP address does not identify the user, the subpoena itself is invalid:“Could expedited discovery be used to wrest quick settlements, even from people who have done nothing wrong? The embarrassment of public exposure might be too great, the legal system too daunting and expensive, for some to ask whether VPR has competent evidence to prove its case.”Id. Discovery is not a game. Yet, plaintiffs in these types of cases use discovery to extort settlements from anonymous defendants who wish to avoid the embarrassment of being publicly associated with this type of allegation. Id. Such abuse of the discovery process cannot be allowed to continue.
Additionally, this subpoena should not have been issued in the first place because the information sought is not relevant to Plaintiff’s allegations. Implicit in the rule granting subpoena power is a requirement that the subpoena seeks relevant information. See Syposs v. United States, 181 F.R.D. 224, 226 (W.D.N.Y. 1998)(“the reach of a subpoena issued pursuant to [FED. R. CIV. P. 45] is subject to the general relevancy standard applicable to discovery under [FED. R. CIV. P. 26(b)(1)].”). The information linked to an IP address cannot give you the identity of the infringer. VPR Internationale Order, at 2. Because the infringer could have been anybody with a laptop passing within range of the router, the information sought by Plaintiff is not relevant to the allegations in any way. Id. Moreover, even if the information has some small amount of relevance to the claim—which it does not—discovery requests cannot be granted if the quantum of relevance is outweighed by the quantum of burden to the defendant. FED. R. CIV. P. 26(b)(2)(C)(iii). Plaintiff’s request fails that balancing test. Given that DOE No. 605 was only one of many persons who could have used the IP address in question, the quantum of relevance is miniscule at best. However, as discussed above, the burden to DOE No. 605 is severe. The lack of relevance on the one hand, measured against the severe burden of risking a significant reputational injury on the other, means that this subpoena fails the Rule 26 balancing test. Id. Plaintiff’s request for information is an unjustified fishing expedition that will cause reputational injury, prejudice, and undue burden to DOE No. 605 if allowed to proceed. Good cause exists to quash the subpoena served on Wide Open West to compel the disclosure of the name, address, telephone number and e-mail address of DOE No. 605."Nice to see more people fighting back against obvious fishing expeditions. Hopefully more judges start realizing what these kinds of requests are really about.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: copyright, id, ip address, trolls
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
And they STILL miss the much bigger point
NOTHING that those systems do can be definitively laid at the feet of their (former) (putative) owners, because those computers really do not belong to the people on whose desks or laps they rest. Not any more. Those computers belong to their new owners, who are the botmasters controlling them.
And the new owners use them to phish, to harvest email addresses, to spam, to conduct DoS attacks, to host illicit content, to crack passwords, to do anything they want.
And there is absolutely no way for an external observer, watching the traffic in/out of that system, to discern which of it is associated with the old owner and which with the new. Astute guesses can be made: rolex spam is probably from the botmaster, POP requests to the relevant ISPs mail server the former owner. But these are still just guesses, and thus should not be admitted into evidence. And -- as botnet operators have become more crafty, they've also got much better at hiding their handiwork in "normal" traffic.
The only way to associate traffic with a user is to watch them type it/click it. (And even that is starting to become suspect as a methodology -- like I said, botnet operators have gotten crafty.)
TL;DR: there is a profound disconnect between "what X's computer did" and "what X did".
[ link to this | view in thread ]
How many courts have actually done this?
[ link to this | view in thread ]
In the end, there is plenty of precedents regarding long distance bills on a home phone, example. An internet connection isn't really and different from a phone, and that if the customer decides to freely lend the connection / phone to other people, they are the ones legally on the hook for it's use.
It's a great motion, but it ignores basic facts.
[ link to this | view in thread ]
Re:
The irony, of course, being that you failed to supply a single fact in your entire comment. All you did was put together a list of suppositions and opinions.
Nicely done, on the irony scale.
On the information scale....not so much....
[ link to this | view in thread ]
Re:
In the end, there is plenty of precedents regarding long distance bills on a home phone, example. An internet connection isn't really and different from a phone, and that if the customer decides to freely lend the connection / phone to other people, they are the ones legally on the hook for it's use.
It's a great motion, but it ignores basic facts.
I agree that there's good reason to allow discovery to commence against the subscriber of the IP address (and lots of caselaw to back it up), so I don't have a problem with these subpoenas, but I'm curious about your last remark. How is it that the subscriber is necessarily "legally on the hook for its use"?
[ link to this | view in thread ]
Re: Re:
Remember too: We are talking civil lawsuits, not criminal cases. While the motion suggests that IP isn't enough to pinpoint an individual user, it is certainly enough to determine the connection used, the location of that connection, who is responsible for that connection, and creates the old "preponderance of evidence" that the user assigned to that IP is responsible for what is happening on that connection during the time they are logged on.
It's the funny part here, we aren't talking "beyond a reasonable doubt". The motion MIGHT, MAYBE past muster if it was a criminal case, and even then, unlikely (see phone charge lawsuits). In a civil case, it's a slam dunk admission from the defendant that the IP address is theirs, that they were logged on at the time, but they are suggesting someone else might have used it. It's unlikely to fly in a civil case.
As for your comment, your reply is a little lacking in imagination and depth. On the irony scale, you win!
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re: Re:
First of all, the subscriber (of course) gets immediately sent a settlement offer agreement. Pay us now and we'll forget the whole thing. While settlements are quite common, the practice of nuisance suits is discouraged, and rightfully so. The last things these plaintiffs appear to want to do is actually go through with a costly trial. Sure, there might be an example or two made of some unlucky souls, but in the end these are nuisance suits, plain and simple.
Second of all, it's my understanding that just having an IP address and evidence that someone used it to infringe is prima facie evidence of infringement. Unrebutted, the plaintiff wins. I think that given the number of unprotected or public wifi connections that exist, there's a strong possibility that the subscriber didn't actually "do it." Given this, I think the plaintiff should have to produce more evidence to satisfy his burden.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: And they STILL miss the much bigger point
While I found your post insightful, someone at the ISP, for example, could discern that there is traffic going to and from the botmaster and the victim. The RIAA, from the outside, however, might not be able to.
[ link to this | view in thread ]
Re: Re:
Me: Well, there is a bunch of ways that you get to the same thing, but the easiest is contractual. Almost every ISP has a contract, a terms of service, that includes boilerplate style:
"You are solely responsible for all access to and use of the Service through your Account, including any breach of the Service Agreement, by you or any user of your Account. If you do not wish to be bound by the terms and conditions of this Service Agreement, and pay the fees, charges, taxes and expenses associated with the Service, you may not access or use the Service."
Right away, contractually the end user is responsible for the connection. That contract puts the connection in the sole control of that customer.
It isn't any different from phone bills, gas bills, electric bills, etc. None of these allow for a "SODDI" defence, unless you can show the "SODDI" in question, say by showing an illegal tap on your electrical line going to your neighbors house, or that someone has dug up and re-routed your gas line illegally.
The motion fails to show how a contracted service, limited by terms, assigned to a single customer for internet service is any different from any other utilities. It is clear in modern terms that internet service is no more and more less of a utility than any other monthly rate service for your home, and it creates a huge hill for these people to climb over to prove that somehow internet service is different from electricity or phone service.
Example: Let's say you have a house, and on the outside you have a number of plugs (to use for your electic lawn mower, example). One of your neighbors starts a small grow op in his shed, and runs extensions over and takes as much power as he can without popping your circuit breakers. Unless you can show where the power went, you are pretty much on the hook for the increased power use. Even then, you would likely have to prove that you were not helping him out. Good luck with that.
So I think that while the motion is nicely detailed and all that, it ignored basic facts and precedents that exist in law from 100+ years of utility services, billing, and collections.
[ link to this | view in thread ]
Re: And they STILL miss the much bigger point
That would be the ultimate LuLz.
Heck, people could do it to the iPhone and Android too.
[ link to this | view in thread ]
Re:
Botnets could transform 80% of the planet into criminals and people really didn't do anything they had their computers hijacked, and that is not even counting wardriving.
Not even the police can stop their computers from being compromised, not big companies that have millions to spend on security and you want people to be able to do it when most of then are in the 30K/per year income bracket?
[ link to this | view in thread ]
Re: Re: Re: Re:
In a civil suit, they don't have to prove absolutely that the subscriber did it. They only have to show a preponderance of evidence. OJ was not guilty of murder (criminal) but clearly liable in civil court. The standards are much lower.
The plaintiff shows that this IP was assign to this user at this time, this user is the subscriber, and has the needed equipment (computer) to have pirated the material. That would appear to be more than enough to satisfy the burden of showing that something happened, happened there, and happened with this subscriber, who is able to do the work (ie, the IP address isn't a printer or a DNS server).
The subscriber would then have to show that someone else did it. "could have done it" might be okay in a criminal case, as it might create reasonable doubt, but in a civil case, reasonable doubt isn't enough. The burder for the plaintiff is way lower here, and appears to be easily met by normal means, regardless of what all else comes up.
[ link to this | view in thread ]
Re: Re:
It's another SODDI defence, not exactly a strong reply to the lawsuit.
[ link to this | view in thread ]
This is fishing from a third party.
If the sole link between charges and persons is an IP address then it must be nailed down beyond doubt. I wouldn't consider anything less than real-time monitoring records (of actual copying or whatever) backed up by testimony of person who watched the info tap. Note that puts a high burden on plaintiff to pay up front for such monitoring, and that doesn't bother me. Otherwise, all you've got is a piece of paper with a number on it.
If the present low standard continues without questioning its relibility, then an inside person at an ISP could easily phony up records to convict anyone of almost anything on the net. I mention that only because within the realm of possible greed and perfidy, and will surely occur to someone else soon, particularly those in gov't.
[ link to this | view in thread ]
Re: Re: And they STILL miss the much bigger point
[ link to this | view in thread ]
Re: Re: And they STILL miss the much bigger point
But not any more. Botmasters are using encryption, tunneling, low-bandwidth/spread-spectrum techniques and the only way to really see what's going on is to instrument the system (say, by running it in a VM and looking at it with forensic tools from the outside). And that's not easy -- still doable, just technically challenging.
But we're not anywhere close to that in this case or the ones like it: plaintiffs continue to make the assumption that "traffic to/from your IP address" is completely equivalent to "traffic to/from you"...and it's not true.
[ link to this | view in thread ]
Re:
Ignorance on display.
[ link to this | view in thread ]
Re: Re: Re:
That would be the ultimate lulz!
Millions of people accused of piracy without having done nothing.
[ link to this | view in thread ]
Really... Then i guess i should have been responsible and paid that 6,000 $ cell phone bill that came in once.( back in the old days when i had the moto flip phone brick) It was my phone and ESN.
I guess my mother should also be responsible when her long distance bill came in for 500.00 $ since it was her actual land line and she made the calls! ( Her long distance carrier was changed without her permission to some unheard of provider with all sorts of stupid charges on top of her calls)
[ link to this | view in thread ]
I don’t say than I’m smarter than my house troll Gill Sperlein, but being an irrational person, I refused to pay ransom, though based on pure math it was the easiest way out (at least how felt at that time). Well, I’m not too irrational, put it in this way: I’m not rational at expense of dignity. I believe that I damaged his extortion enterprise to some extent.
http://fightcopyrighttrolls.com
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re:
In the end, there is plenty of precedents regarding long distance bills on a home phone, example. An internet connection isn't really and different from a phone, and that if the customer decides to freely lend the connection / phone to other people, they are the ones legally on the hook for it's us"
Really... Then i guess i should have been responsible and paid that 6,000 $ cell phone bill that came in once.( back in the old days when i had the moto flip phone brick) It was my phone and ESN.
I guess my mother should also be responsible when her long distance bill came in for 500.00 $ since it was her actual land line and she made the calls! ( Her long distance carrier was changed without her permission to some unheard of provider with all sorts of stupid charges on top of her calls)
[ link to this | view in thread ]
Re: Re:
So who should be held responsible for that? The user, because they signed up with Comcast for service, or Comcast, because they dropped a load of crap on the user's system, opening it up to all kinds of exploits that weren't previously available?
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Legal boilerplate doesn't obligate me: it's unconscionable.
In actuality, the only contract is the obvious common law terms: that I pay the ISP and their electronic equipment passes my data on through to the internet.
Legalistic corporatists rely on statute and "contract" law, but those don't supersede common law, nor in last resort, appealing to a jury on such basis. Lawyers profit from layering precedents and keeping the people ignorant, so even though you're "right" within weenie legalisms, you're WRONG in the court of public opinion.
[ link to this | view in thread ]
Re: Re: Re:
Right, but all of that is only relevant to your SUPPOSITION, that internet connections aren't much different than telephone lines.
"Remember too: We are talking civil lawsuits, not criminal cases. While the motion suggests that IP isn't enough to pinpoint an individual user, it is certainly enough to determine the connection used, the location of that connection, who is responsible for that connection, and creates the old "preponderance of evidence" that the user assigned to that IP is responsible for what is happening on that connection during the time they are logged on."
That's fair, though debatable. Certainly it isn't a "fact" as you'd stated. You've got a fairly hefty debate occurring over how responsible people should actually be for IP Addresses, with things like open WiFi and spoofing to be considered. This story actually hilights that such a debate is occurring. Those aren't facts, this is all opinion.
"In a civil case, it's a slam dunk admission from the defendant that the IP address is theirs, that they were logged on at the time, but they are suggesting someone else might have used it. It's unlikely to fly in a civil case."
All fair speculation. But that's what it is: speculation.
Look, partner, you're allowed to have an opinion. It's fine. But to make some broad statement about how everyone should see the facts here w/o actually presenting any FACTS is just silly. So just say it's your opinion.
"As for your comment, your reply is a little lacking in imagination and depth. On the irony scale, you win!"
.....what? Assuming everyone agreed that my comment sucked and lacked imagination and depth....where would the irony be?
[ link to this | view in thread ]
Re:
Also, while you may be responsible for your Internet and phone connections when you give permission to others for its use, the risk of your neighbor hacking your wifi to infringe copyright is certainly much greater than the risk of your neighbor hacking your cordless phone and making long-distance calls with it. The vast majority of routers that come from ISPs do not ship with WPA enabled, and so users should not be held responsible for illegal access that was facilitated by faulty ISP security policies.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
http://www.zeropaid.com/news/94409/p0keu-hacks-eastern-district-court-of-tennessee-website- passwords-exposed/
Can the Tennessee court of justice be liable for everything other can do now that they got their passwords?
Can the police be responsible for disclosing every informant they had and be sued for damages then?
They are the responsible parties for those things according to your own logic right, it was their computers, that were used to do those things and they are responsible right?
http://www.zeropaid.com/news/94630/load-gearing-up-for-massive-8gb-multinational-data-dump /
http://www.zeropaid.com/news/94625/p0keu-dumps-nearly-300-military-and-government-accounts-to-pas tebin/
Not even the government can secure their networks and you are saying somehow that majority of people that probably live on a 30K per year income needs to be responsible for that?
Are you stupid?
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: This is fishing from a third party.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
The standards are lower in civil court, not non-existant.
[ link to this | view in thread ]
But then that could be why I submitted it.
I'm glad Mike liked it to.
My comments from where I originally came across the filing. This will also confirm to my own personal copyright troll I am who he thought I am, still confused... ask brice.
I LIKE THIS GUY!
He specifically introduced comments from one of the Judges who told Steele he would throw out every single one of the cases he tries to file from now on.
It points out the obvious that an IP address does not get you the infringer, and that the allegation is damaging to the people named and continues to be damaging if proven to be mistaken.
The #1 is very good... it points out in plain language that for all of the things they brought to court, none of them connect the does directly to infringing.
You can connect an internet service but you can not prove anything else about it.
#4 is hot because it points out that the Does even thou not named do have a right to move to quash records related to them.
#5 Jurisdictional challenge, well played...
#6 BTW the Judge who said ok to these subpoenas left the door open for the ISPs OR the Does to file motions to fxxk off
#7 IP Address is not the same as a fingerprint or DNA... far from it. That is a great attack on the tech challenged Judges, put it in CSI terms. Point out how even the Feds fxxked up using just an IP address.
#8 Point out the sheer number of people who might have done this who are not the Doe, and point out the lawyers can't prove or disprove anyone of them did or did not do it.
#9 Another quote from Judge who hates Steele about how this is abuse of the process because the mere accusation could ruin people if made publicly.
#10 - "The information linked to an IP address cannot give you the identity of the infringer."
O M G it gets amazingly better.... You want to read #10 for yourself.... its amazing.
If this stands... its amazing... it could really be hurtful to these entire shakedown mills if it is accepted by a court.
And if you think these are the champions of truth justice and the American way fighting these evil copyright infringers... I point you to the story over on Torrentfreak about the blind man being sued for downloading porn. Oh he has kids, like 4 and 5, and the trolls are aware hes blind, has an amazing defense, but they are still willing to demand and accept payment from someone they themselves are pretty sure is innocent, just so the blind man can make the case go away.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
If you are aware that your password got out, wouldn't you change it? Failing to change it after you know it has been broken would be pretty ignorant, wouldn't it?
All the data dumps in the world don't really matter anyway, because we are talking a very specific combination of user, location, ISP, etc. Are you so entirely ignorant of how the internet works to think that you can use and username and password at any internet connection and get service? Are you cracked?
Son, you disappoint. Your ignorance is showing.
[ link to this | view in thread ]
Re: Re: Re: Re:
Also PD's everywhere in the US had their systems compromised and could be prepared to be liable for all the confidential information that they let out.
[ link to this | view in thread ]
Re:
There is one really huge difference: with a telephone, you have a unique identifying number for the phone. With the internet, you don't (unless you are paying a premium for a dedicated IP address). You are assigned an arbitrary address that can be different every time you connect.
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in thread ]
photo radar
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re:
http://www.zeropaid.com/news/94409/p0keu-hacks-eastern-district-court-of-tennessee-w ebsite-passwords-exposed/
Will the Arizona police be ever found guilty of anything?
http://www.zeropaid.com/news/94082/antisec-dump-targets-arizona-police-a-third-time/
You fail to see that obvious, if it is impossible to secure it, it is not negligence.
You can't ask people to do the impossible and say they are negligent.
[ link to this | view in thread ]
Re: Re: Re:
But the real issue here is do we as a society want this equation of "IP address" and identity? I'd argue "no". We as a whole don't want this, as it will cause more problems for more people, and it maybe solves a few problems for a few people.
In the end, what you've done is give us one more example of the legal system crawling inside itself, and coming unstuck from reality.
[ link to this | view in thread ]
Re: Re: Re: Obligation ends when someone else commits crime on your dime.
By your notions, if you rent a car and someone steals it, then you're liable for them running over children. - No, that's TWO crimes by someone else. See the difference?
Similarly, IF someone uses your internet connection without your knowledge or permission, then that's a crime in itself. A mere IP address doesn't make you guilty of whatever is done, then. That's the hurdle under discussion. Nor does the lack of technical expertise throw guilt back on. And always remmeber, people: we're entitled to a jury of our /peers/ not to a jury of weenies who owe allegiance to the legal guild, who depend on it for their income. So be sure that the first motion you ever file in ANY court case is for a jury trial -- even for a traffic ticket.
Reasonable people wouldn't conclude that everyone has to know every possible drawback to computer networking, when even experts in the field don't, even the engineers who build the equipment don't know every exploit, so ignorance IS a practicable defense for this. Not that I'd want to get to that point.
[ link to this | view in thread ]
Re: Re: Re:
Contractually they're responsible to the party they contracted with, i.e., their internet provider. How does that necessarily make them responsible to third parties though?
...it creates a huge hill for these people to climb over to prove that somehow internet service is different from electricity or phone service
But it is different, since I don't loan out my electricity or home phone to the world like I could if I leave my wifi open. Of course I'd be on the hook to the power company or the phone company for whatever bills I rack up, but that's different than being liable to some third party that I haven't contracted with.
I like the argument, but I have to think about some more.
[ link to this | view in thread ]
Re: And they STILL miss the much bigger point
Further, the question is always the same: Is the user liable for what happens on their connection, due to their computer being hacked, broken into, or failing to install and maintain proper anti-virus software?
The number of zombies online is greatly overstated, and for the most part these days are concentrated in countries with high software piracy rates - you know, the people who can't get windows updates, run systems with known security flaws, don't use anti-virus at all, and download anything and everything they can get their hands on without checking it.
The US infection rate for bots is somewhere around 1-2%, which puts it on par with many other criminal activities. At worst, there is a 1 in 50 chance that a given user has a bot on their machine. It is something that could clearly be determined when the machine(s) in question are seized as evidence and inspected.
All of which is part of a defence, but only comes after admitting that yes, you are the user at that IP at that given time. Then the rest of the case can move from there.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re:
"location" was added to troll's mantra only recently. Until they were pushed to the wall they tried to convince courts that it was impossible to deduct location from IP. Now some of them are pushing very bizarre conspiracy claims to overcome basic jurisdiction questions. All these games are nauseous and don't add to credibility of these "specifics".
[ link to this | view in thread ]
Re: Re: Re: Re:
I worked with facts. What are you working from?
[ link to this | view in thread ]
Re: Re: Re: Re:
Would you care to try again with actual examples that don't have other, clear ways of explaining them?
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re:
Now I know you are IT ignorant LoL
What do you think, people who are part of a botnet know they are part of one and don't try to do nothing about it?
Even the government had intrusions that lasted years now and you want to say that somehow normal people with no resources and no knowledge should be able to detect and do something about it when those things happen?
LoL
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: Re:
2. There were reference to judge's Baker's statement.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
Are you suggesting that after they were hacked that they did nothing to change passwords or secure their network? Are you truly that stupid?
Damn, I will be happy when we get to September and you have to go back to high school.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re:
Also you do understand that if I put a backdoor on someones system I own that box right, it doesn't matter where it is, what password it has, I will be the one in control, the same goes for routers that people think of as not being computers but can be hacked just the same, so your PC could be all clean but your router could have been compromised and its now owned by somebody else.
Why lawyers like you think they don't need to learn anything?
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
http://torrentfreak.com/ip-address-not-a-person-bittorrent-case-judge-says-110503/
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re:
Wrong wrong wrong, and this has been discussed previously.
Long distance calls made on your phone is a billing issue between you and your phone company. And its a near certainty that you signed or agreed to be held responsible for the billing costs of those calls when you got the service.
A copyright infringement claim is a legal issue between you and a third party copyright holder. I would consider it highly unlikely that you signed an agreement with the copyright holder to be held legally responsible for copyright infringement that occurred on an IP address that happened to be leased to you at the time of infringement.
If someone breaks into a house and calls in a bomb threat from the phone, I have no problems with the police using the subscribers information as a starting point for an investigation into the identity of who called it in.
Under the law, I don't have a legal argument against a copyright holder filing an individual infringement suit for discovery of additional evidence against an individual unknown holder if they have more than just "this IP address was detected sharing content" - and then using the subscriber info from the ISP for further evidence collection that they have the correct person who was sharing the content.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
Those are your own words stupid.
So the disclosure of all those informants the police had can according to your logic lead to the PD being liable for all the damages others suffer since they failed to secure their networks.
Also any damages resulting from the breach could lead the Tenessee court to be liable for those damages, since they failed to secure their networks.
Or are they not responsible for the equipment they connect to?
in your own fraking words again.
Quote:
Why are you trying to say it is different?
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
Not the government, not big companies, not even the courts can secure their networks so there is no negligence, what there is, is the impossibility of being secure.
If the courts asked for God to come down and testify would that be possible can anybody be held responsible for God not appearing in front of a judge?
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: And they STILL miss the much bigger point
That said, three of us with significant experience in the field came up with a consensus estimate several years ago based on very large-scale observations; at that point, we concurred that 100M was in the ballpark. In the intervening time, nothing has happened to indicate any decrease in that number, and a lot of things have happened to indicate a significant increase. (Consider: it is now fairly routine to hear reports of busts of botnets with 10M members. Surely those are not unique, and surely they're not the largest, and surely they're not the most competently-operated...since the latter won't be busted.)
Note that shortly after we made our estimate, Vint Cerf of Google made his: http://arstechnica.com/old/content/2007/01/8707.ars cites him as estimating that 150M out of 600M connected systems were members of botnets. That's 4.5 years ago, and in the interim, we've connected a LOT of new systems to the 'net, including smartphones, tablets, etc. So my view (as of summer 2011) is that any estimate under 100M is ludicrous and may be instantly discarded. Higher estimates vary, of course, but I think 200M is certainly "plausible", but would not reject (let's say) 150M or 300M, both of which are also possible.
And I think -- whatever the number is -- it's important to note that it's monotonically increasing, and that it will apparently continue to monotonically increase because nothing has been done to make it do something else. So if there are -- for the sake of argument -- 183M zombies today, then a year from now there will be 184M or 201M or 193M -- not 170M.
All that said, it's not clear to me who, in a civil case, is liable. For example, I would say "Microsoft, for shipping an operating system that's pre-compromised at the factory and unfit for any purpose". Others would blame the lack of anti-virus software, others would blame poor computer skills/habits, etc. I think there's a lot of debate here, both on a technical level and on a legal level. But I do think that plaintiff should be required to establish at least a reasonable likelihood that defendant did X, Y and Z -- and I think that in the present environment, even clinching, forensically-verified proof that the defendant's computer did X, Y and Z doesn't mean the defendant did it.
(Let me toss in an aside that many forensic examinations are awful. Note that last week here on TD we were reading about how the FBI was baffled by a dual-boot system. And remember the Julie Amero case, also discussed here repeatedly? That poor woman had her life destroyed by malicious prosecutors, ignorant police, and incompetent IT people.)
Where I will agree with you is that the statistical distribution of zombies has changed over the years. Botnet operators of course prefer control over systems with substantial CPU/memory/disk, and with adequate bandwidth. As the Internet has become more prevalent around the world, and as computer costs have dropped, there are more systems with more bandwidth available in more places. So whereas a 1995 botnet might have had most of its members in the US, Australia, and western Europe, today's botnets may have members in Vietnam, Peru, Romania, and Egypt. This may well overlap with bootlegged/unpatched software, but there's no way (that I know of) to measure that correlation based on what's in the packets.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re:
I'd be willing to bet that you can't.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
Why Matt and Bethany Kostolnik are not in jail along with Barry Ardolf?
You see they could have end up in jail for things they didn't do, but were fortunate to have the money to pay for a forensic team to look into matters.
Others may not have that luxury though.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: This is fishing from a third party.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
Quote:
Source: http://deyhimylaw.com/content/copyright-infringement-cyberspace-decoding-strict-liability
22 Sony Corporation of America v. Universal City Studios, Inc., 464 U.S. 417, 434-435, 104 S.Ct. 774, 78 L.Ed.2d 574 (1983).
23 The inference of knowledge/intent drawn from access in Columbia Pictures Industries, Inc. v. Zakarian, 1991 U.S. Dist. LEXIS 6978, at *10 (N.D. Ill. May 22, 1991), cited in Columbia Pictures v. Landa, 974 F.Supp. 1, 17 (D.D.C. 1997) turned on the fact that 144 videocassettes seized from defendant‟s business were illegal duplicates of the copyright motion pictures.
24 Perfect 10, Inc. v. Cybernet Ventures, Inc., 213 F. Supp. 2d 1146, 1168 (C.D. Cal. 2002).
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re:
Although at least in this instance, the standards are so low as to be equivalent to nonexistent.
Tying an IP address to a particular machine at a particular time doesn't even come close to identifying the person doing the deed. Botnets are rampant, and strangers using other people's wifi is extremely common even when the wifi is properly locked down (it's easy enough to hack into a wifi hotspot, even WPA protected -- that amateurs can and do accomplish it by using readily available software).
An IP address is proof, at best, only that that connection was used for that purpose. It indicates almost exactly nothing about the person who was using it.
[ link to this | view in thread ]
Re:
Didn't you listen to your mother at all?
[ link to this | view in thread ]
Re: Re: And they STILL miss the much bigger point
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
Quote:
Source: http://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act
Also please explain why courts are ignoring ECPA:
Quote:
source: http://en.wikipedia.org/wiki/Doe_subpoena
[ link to this | view in thread ]
Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Legal boilerplate doesn't obligate me: it's unconscionable.
[ link to this | view in thread ]
Re: Re: Re: And they STILL miss the much bigger point
[ link to this | view in thread ]
Re: Re: Re: Re:
Look at the following post - exact opposite conclusion.
[ link to this | view in thread ]
Re: Re: Re: And they STILL miss the much bigger point
1 - Windows 7. Like it or hate it, it is incredibly much better at blocking these sorts of things from happening.
2 - 4.5 years of development by symantec and other companies on anti-virus technology.
3 - the shift to webmail: email use to be the best way to infect a system, because people would click attachments and such. Most of that sort of spam mail is gone.
4 - improved browsers, combined with better security tools, that do a much better job at stopping many of the biggest web based security attacks.
5 - Significant numbers of bot networks shut down, their C&C structures decimated, and so on.
Your numbers would be plausible if we straight lined previous numbers, but that isn't the case. Just the introduction of Windows 7 has, especially in the western world. changed the number of bot nets and such going on.
A quick story: I get a call the other day from "your internet provider" pointing out that I have a problem with my "windows computer". Turns out it's a scam from India to try to get you to allow a remote desktop access so they can install malware, under the guise of being your ISP. Stuff like this happens only because other infection paths are becoming too difficult. They are going for a direct method that requires tons of man hours, tons of effort, and tons of human engineering to get it done, all to get past the improved security of most computers these days.
As for distribution, countries such as Brazil have high botnet infection rates, as does mainland China, Thailand, Vietnam, and not surprisingly Spain. All countries that are incredible tolerate of piracy (or encourage it), and still have tons of people running Windows 98 or Windows XP, pre SP2. Those machines can be infected so easily, even Nicedoggy could do it.
Next time you are poking around, look at the connections into your mail servers, and see where the spam mail is actually coming from (don't both with headers, actually look at server logs). You will then know pretty much what is bot net, and what is not.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Obligation ends when someone else commits crime on your dime.
First, if you cannot prove your neighbor stole the power, who can you prove you aren't responsible for it? Think about it for a second. Did you file a police report? Did you report the theft? Or is it just "you think he did it"?
Rental cars? Well, it depends on where you rent it, and what you may have done that caused it to be stolen (like leaving the keys in it, example). Vicarious liability is a nasty thing, you could be found 1% liable, but being the only defendant with money, you could end up paying out the full amount. It's hard to say, and it isn't as cut and dry legally as you wish it was.
You said: " IF someone uses your internet connection without your knowledge or permission, then that's a crime in itself."
It depends. If you left your WiFi open for anyone to use, did they in fact commit a crime, or did you invite them in? As for guilt, you are again using the criminal standard, not the civil one. You are looking at absolutely proof, that is not required in a civil case, just the preponderance of evidence. While you can offer up some "maybe" or "perhaps", it is very hard to get away from the end user being the one paying the bills, maintaining the connection (modem, wifi, whatever), and having a computer more than capable of committing the piracy.
This is all of course without seizing any and all computers and equipment on premises as part of discovery to actually check them. We are only at the "can we bring a case against you" stage, and the bar at that point is even lower than a preponderance of evidence.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
Since I'm not going to allow any scripts to run.
Can anybody tell if Lynx works to view the comments there?
[ link to this | view in thread ]
Re: Re: Re: And they STILL miss the much bigger point
[ link to this | view in thread ]
Re: Re: Re: Re: And they STILL miss the much bigger point
I challenge that.
Quote:
Source: http://www.venganza.org/about/open-letter/
The graph:
http://www.venganza.org/images/PiratesVsTemp.png
You see I do have a graph to show for it, you OTOH just say things and doesn't show any sources to your incredible claims.
[ link to this | view in thread ]
Re: Re: Re: Re:
And it's only secure as long as it stays in this state, as soon as power or any network connection is attached to the computer, the system is no longer secure.
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
Would you be able to sing, dance and tap and then try to insert the key, for which you should sing in the exact tone necessary to open it or lock it?
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Obligation ends when someone else commits crime on your dime.
If it was a rape victim would anybody condemn the lady because she was dressed provocatively?
There is no law forcing people to be experts or to have to lock down everything you are trying to input liability where there is none.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re:
:)
[ link to this | view in thread ]
Re: Re: Re: Re: Re: And they STILL miss the much bigger point
http://www.symantec.com/business/threatreport/print.jsp?id=malicious_activity_by_source
While the US is number 1 in this report, it was mostly about Rustock, which has been killed off. You will notice when you start looking down at the bot numbers, Brazil is nubmer 1. Considering how small some of these countries are, they have incredibly high rates of infection per 1000 users.
The rest of your post makes absolutely no sense. Is this something you are preparing for your grade 10 english test?
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Obligation ends when someone else commits crime on your dime.
Quote:
Source: http://en.wikipedia.org/wiki/Doe_subpoena
Besides that little fact there is the "Good faith" thingy. What judge would grant a subpoena to a guy who after that contacts directly the accused and ask money from that person and never brings lawsuits?
That is no good faith, proper or right.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: And they STILL miss the much bigger point
There is none you took that out of your ass.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: And they STILL miss the much bigger point
Number 1 in number of scammers, not even the Nigerians can beat Americans and most of them are located in California, where Hollywood is coincidence?.
United States 66.1%
http://www.consumerfraudreporting.org/internet_scam_statistics.htm
See I can pull out numbers too, and make absurd claims that have no foundation in reality.
[ link to this | view in thread ]
Make it hard, or maybe impossible...
These lawyers seem to go after people that either don't know, or barely know what they are doing. I have yet to hear of someone getting sued that was running an encrypted hidden volume or whole drive encryption...
They can jump up and down until they explode, but at the end of the day, they can't prove you don't know your password lol...
[ link to this | view in thread ]
Re:
Guilty until proven innocent, huh?
In the end, there is plenty of precedents regarding long distance bills on a home phone, example.
So you're claiming *that's* a precedence? Whoo hoo, what a load.
In the phone case the subscriber that has agreed with the service provider to be liable for charges for such calls made on his line regardless of who actually made the calls. The case is similar with electric providers who bill the account holder regardless of who actually flips the light switch.
However, that's not like the case case here at all. In the case here a third party, with whom the subscriber has no agreement, is trying to hold them responsible for something they didn't do. And you're trying to claim it's the same thing? Man, you copyright people are sure a bunch of obvious liars.
It's a great motion, but it ignores basic facts.
Heh, talk about ignoring basic facts.
Abolish copyright.
Slavery couldn't be fixed by "fine tuning" it, and neither can copyright.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: And they STILL miss the much bigger point
But high infestion rates are often found in countries with high piracy rates. The most common source is unpatched windows XP installs, which is usually a sign of someone using a copy that has been blocked from getting updates.
The only one talking out of your ass is you. Please stop already.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: And they STILL miss the much bigger point
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Make it hard, or maybe impossible...
I agree that defendants should make trolls' lives difficult as much as possible. There are ways of doing it:
- If you are sure if it is impossible that you have any trace of the file in question and you have many computers/external drives, don't hesitate to offer them all for forensic analysis. One box will cost trolls ~1000. If I I have 8+ PCs and laptops - do the math.
- If you encrypt your drive, use TrueCrypt' hidden drive feature. In short, it is possible to create an "encrypted drive inside encrypted drive", and it is not possible to distinguish the space occupied by such drive from encrypted free space in the first drive. From user prospective it is a drive with 2 passwords - entering one reveals the first drive (and you can hand it over), entering the second reveals the contents of the hidden drive.
[ link to this | view in thread ]
Re: Re:
Not to mention that having WPA enabled doesn't stop your wifi from being hacked. It does make it just a tiny bit harder (you have to intercept the traffic when someone legitimate connects, and your computer has to spend a half hour or so crunching numbers), but not so hard that script kiddies can't do it.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in thread ]
More interesting, was the answer by Randazza (we know how much I enjoy his work in this arena).
He said yes, and made the whole stolen car analogy.
But better was him saying that they would then subpoena every person you came into contact with to see if they were the one who infringed.
""Option A: We engage in discovery, seize all of the computers in the house, issue subpoenas to everyone the account holder knows, and start having depositions of everyone who lives in their home and neighborhood. By the time we’re done, we not only will likely have gotten to the bottom of things, we would have flipped the defendant’s entire life upside down. While that might get us somewhere, I prefer not to be that heavy-handed if I can avoid it.""
The sheer joy of Option A lies in how stupid they think Judges are.
Your honor, they got my name by claiming they had positive evidence to prove that I infringed their copyright.
Now we are in the portion where my side looks at the evidence to poke holes in it, and plaintiffs are engaged in a huge fishing expedition designed to annoy anyone I have ever met and to see if they might in fact be the infringer they are seeking. They claimed definitive evidence before this court to get my name in the first place, they seem to be admitting this is not the case.
They have mislead the court about their "evidence", engaged in "settlement negotiations" designed to intimidate and scare me into settling, and now we waste time in court as they decide they need to do actual discovery to make their case.
I'm still amazed by the idea that anyone can say these cases are not cash shakedowns wrapped up in legal wrangling. The fact that Randazza makes a statement publicly that they would have to seek out who the infringer really is goes against what they are telling the courts, that the IP address leads them to the infringing party. But then he holds the belief that account holders are entirely responsible for the actions anyone takes with their account, hacked in or not.
[ link to this | view in thread ]
Re:
First he tried to accuse Antonio in the tort, but after he realized that Antonio's defense is solid (the guy was not even in the US at the time of alleged infringement) he mulls some additional "discovery".
I talked to Antonio, and from his statements I realized that he did not know the difference between eDonkey and BitTorrent! What a shame (not to Antonio for not knowing, but to Sperlein/Randazza for pursuing a clearly innocent person) .
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re:
This is a numbers game, and to influence the numbers in your favor you steal copy from other people in the game to put on your website, and you talk publicly about the large "wins" you and others have gotten in these sorts of things. Mind you those cases are often exaggerated for the sake of the hype.
They put all of this out there so if you look into the specific troll that has you targeted you see all of this talk about how they crushed people here and there, and stories covering how wonderful they are at what they do.
The best example for me was a Dallas(? i forget) "news magazine" that wrote an amazing puff piece about Evan Stone. I took the writer to task directly about Stone facing sanctions for the fake subpoenas he sent out in violation of a court order... they killed those comments.
So what was left was a story about how he had his sights on some kids mom, who had admitted she did it and then on "bad advice" backed out of the payment agreement so he was taking the minor to court. And to add to this kids terror the newspaper called him to get "his side" of the story for the hatchet piece. They ignored Stone lifting the logo of the East India Company... it is sort of schizophrenic. Showing him as this awesome defender of copyright, who copied something belonging to someone else...
[ link to this | view in thread ]
Re: Re: Re:
Its entire purpose in life was to scan wifi networks and provide you with the key so you could reboot, input the key and have access to the wifi.
If you can plugin a flash drive and press an F key, you can hack a wifi network.
[ link to this | view in thread ]
Re:
There is a Judge in Illinois who promised to kick every single one of Steele's case's assigned to him. Hes quoted in the motion.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re:
Because of this the onus of proof should not be on the respondent(s) to prove that the plaintiffs circumstantial, and in a lot of cases anecdotal, evidence is false.
This is why court upon court in numerous forums and jurisdictions have all stated that an IP address and a time do not create enough preponderance to identify a specific individual for anything other than they might know of something.
And lets not get into the very argumentative discussion on whether the plaintiff(s) evidence is actually able to be authenticated by an unbiased party. Most Plaintiff(s) in these actions are fighting tooth and nail to stop the authentication being analysed in discovery since it has been proven it is open to false positives, tampering, and downright fraud and is very much adverse interference on the part of some plaintiff(s).
But hey what do I know, other than dealing with this sort of evidence, investigation, and legalities every day.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: And they STILL miss the much bigger point
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re: Re: Re:
So I wonder if they get any traction on this whole open wifi makes you responsible BS if they are going to kill the future of tech...
http://www.wired.com/epicenter/2011/08/free-wifi-nyc/
And I have a feeling that in the case you cited, that he is just being punished now for daring to attempt to fight rather than pay up.
I find it very hard for them to prove someone out of the country could access their machine, when you use the lens of - He used BEST BUY to get his computer fixed. This is not the sign of anyone computer savvy.
They could be trying to get the open wifi means your guilty to stick, or trying to run the bill up so they can point out how expensive it can be if you opt to fight rather than just pay them off.
Both of these would make powerful tools in the pay us or else schemes to scare more people into compliance.
When innocent people pay just to make it stop, the law has failed hard.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Obligation ends when someone else commits crime on your dime.
The guy is just being nice in allowing them to settle. They don't have to if they don't want to.
[ link to this | view in thread ]
Re: Re: Re: Re:
I once received a very large long distance bill from AT&T for calls to a bunch of places all over the world (mostly banks it turned out) during the day when I was at work. AT&T insisted that that the calls had been made on my phone and that I must pay up. Well, the only way those calls could have been made from my phone would have been by someone entering my apartment during the day with a key and making them. After many fruitless calls to AT&T, and them insisting that no mistake could have been possibly made, I finally told the AT&T person that I was about to call the police and report a break-in. About five minutes after I hung up AT&T called back and said that they had experienced an "equipment issue" and admitted that the calls had actually been made by some bank downtown and not even from my phone in the first place. They took the charges off, but only after I was about to get the police involved.
If AT&T can make that kind of mistake with a phone number, don't try to tell me that IP addresses can't be wrong too.
[ link to this | view in thread ]
Re: Re: Make it hard, or maybe impossible...
Citation needed.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re:
Please quit telling such lies. The ISP may provide the identity of the account holder, but likely have no idea who the user was.
So far, we have a whole lot of proof, more than enough at that point to meet the old preponderance standard.
Not even. Considering the number of people it often *could* be, the odds are *way* lower than even "probable" that the correct person has been identified. Why do you tell so many lies? Does copyright make you do it? If so, we need to get rid of copyright.
[ link to this | view in thread ]
Re: Re: Re:
Exactly. And let's say that the body of a dead person turns up in your front yard some morning. It's your yard, so unless you can prove that you didn't kill them, you're going to be responsible for it (at least civilly to the victim's family and maybe criminally too). So if you don't want to take that kind of chance you'd better build a tall fence around your front yard. If you don't and something like that happens and you get blamed for it then it's your own fault and you deserve whatever happens to you.
[ link to this | view in thread ]
Re: Re: Re: Re:
That's known as the bizarro world of copyright apologists.
[ link to this | view in thread ]
Re: Re: Re: Re: And they STILL miss the much bigger point
1. Windows is still Windows -- a markedly inferior operating system both in design and implementation. (As are the associated applications.) Windows 7 may be an improvement, and it appears to be so in some aspects, but it is still miserably insecure and routinely breached. It is worth noting that not even Microsoft, who wrote it and has essentially infinite personnel and financial resources, has been able to do so.
2. Anti-virus software is worthless pablum. It's a greedy attempt to exploit the people who purchase and operate inferior operating systems. Those who choose their operating systems properly do not NEED anti-virus because they run operating systems which are of sufficient quality. Those who choose their operating systems poorly are deluding themselves if they think anti-virus will save them.
3. The shift to webmail has diminished the use of some propagation vectors; it's brought new ones. Surely you are aware that some major webmail providers, such as Yahoo and Hotmail, are riddled with security holes, are utterly incompetent at stopping inbound or outbound spam, phishing, and exploits?
4. Yes, some browers are better, although IE is still a worthless piece of shit that nobody should use. What has also helped is the deployment of browser add-ons such as NoScript. If we were really serious about security those wouldn't be add-ons but would be built-in to every browser. Of course the idiot web designers who cook up sites whose home pages won't even display without scripting would be appalled, but they are disposable.
5. The shutdown of a botnet is of no importance whatsoever. It merely provides an opportunity for Microsoft et.al. to beat their chest and lie about what a great victory they've achieved...when in fact they've accomplished nothing. Of course all the zombies that are part of that botnet are still fully-compromised, they still have the security holes, they still have the same careless, clueless users, they still have the same inferior operating system, they still have the same crappy applications. And so, soon enough, they will be part of another botnet.
As to the connections into my mail servers, if you will review the archives of spam-l from the better part of a decade ago, you'll find that I was one of the (several) people using not only connecting DNS/rDNS information, but passive OS fingerprinting to identify their OS. I'm not only familiar with these techniques, I invented, or co-invented, some of them. I am (painfully) well aware of what the landscape out there looks like, and thus equally-painfully well aware that the situation continues to get worse.
And therefore I dismiss, with prejudice, any suggestion that the number of zombies is getting smaller. Not only is there absolutely no reason for that to happen, but (close to) a decade's worth of data says precisely the opposite.
[ link to this | view in thread ]
Re: Re: Re: Re: And they STILL miss the much bigger point
Such an obvious pathetic attempt at social engineering!
[ link to this | view in thread ]
Re: Re: Re: Re: Re: And they STILL miss the much bigger point
See for example: http://techcrunch.com/2009/07/19/the-anatomy-of-the-twitter-attack/ for a case study. Approaches like this are frequently succesful because nearly all organizations presume that their users are secure...and they're not.
So it didn't work with you: are you certain it won't work on the idiot three offices down, you know, the one who clicks on everything shiny?
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Re: Obligation ends when someone else commits crime on your dime.
[ link to this | view in thread ]
Re: Re: Re: Make it hard, or maybe impossible...
[ link to this | view in thread ]
Re: Re: Re: Re: Re:
[ link to this | view in thread ]
Re: Re: Re: Re: Make it hard, or maybe impossible...
That citation does not support the claim made. It makes no mention of "contempt" or of forgetting passwords. In fact, all the government was demanding was the contents of the drive, not the password itself.
Fail.
[ link to this | view in thread ]
Re: photo radar
Not sure, but I believe the province is still photo~radar free. It was for at least a few years after that case.
[ link to this | view in thread ]
Re: photo radar
For a while and I think, even now, this province is free of that particular iinjustice.
Now for the other 8,734 injustices...
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Make it hard, or maybe impossible...
Well, you asked me for a citation, to to support my claim.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Make it hard, or maybe impossible...
Well, you asked me for a citation, not to support my claim.
[ link to this | view in thread ]
Re: Re: Re: Re: Re: Re: Make it hard, or maybe impossible...
You really thought the request was for a citation that *didn't* support your claim? Really?
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]