Oklahoma Security Expert Attacks RIAA Claims

NewYorkCountryLawyer writes "A group of Oklahoma University students has made a motion to vacate the ex parte order the RIAA had obtained compelling the university to turn over their names and addresses. In support of their motion was the expert witness declaration (PDF) of a computer security and forensics expert who essentially attacked the entire premise of the RIAA's lawsuit, characterizing the declaration upon which the RIAA based its motion as 'factually erroneous' and 'misleading.' Among other things he pointed out that 'An individual cannot be uniquely identified by an IP address,' and that 'Many computers can be connected to the Internet with identical IP addresses as long as they remain behind control points.' The students are represented by the same Oklahoma lawyer who recently obtained a award for $68,000-plus in attorneys fees against the RIAA in Capitol v. Foster."

Heard in an RIAA conference room ...

[ScrewMaster (602015)]

"Oh SHIT ... not this guy again."

Re:

[ookabooka (731013)]

/me listens to the hubub as the RIAA tries to drop the suit, but gets locked in because a counter-suit was filed. . .oh snap.

Re:Heard in an RIAA conference room ...

[Wavicle (181176)]

Other thing heard in an RIAA conference room...

"Hey, didn't the whole slashdot community say the exact same thing [slashdot.org] last month?"

We could have at least gotten credit for it.

Re:Heard in an RIAA conference room ...

[NewYorkCountryLawyer (912032)]

Other thing heard in an RIAA conference room... "Hey, didn't the whole slashdot community say the exact same thing [slashdot.org] last month?" We could have at least gotten credit for it.

Indeed it has. And on more than one occasion.

And I got news for you, that was heard in an RIAA conference room.

Only thing, they're not good listeners, as you may have noticed already.

Re:Heard in an RIAA conference room ...

[RTofPA (984422)]

Only thing, they're not good listeners, as you may have noticed already.

Kinda ironic, considering they represent the music industry (supposedly). Or, maybe not, considering they (supposedly) represent the music industry, and anyone who willingly does that can't have good hearing.

Re:Heard in an RIAA conference room ...

[morgan_greywolf (835522)]

And it's not just us, there have been many experts who've said the same. I think it's about time that someone with like this guy offer expert testimony to those who have been victimized by the MAFIAA.

I don't hold out any hopes that the MAFIAA will listen or even care. The aim here is to establish legal precedent in a court of law that says the MAFIAA, when they use spurious technical evidence to try to extort thousands of dollars from people, doesn't have a legal leg to stand on. It doesn't matter whether they agree or not. All that matters is that judges know the truth and that truth gets added to the patchwork quilt of established law that is legal precedence.

Sad thing is...

[Hsensei (1055922)]

No matter who comes out on top only the lawyers win. :/

Re:Sad thing is...

[couchslug (175151)]

It is to be hoped that some of those students are going to BE lawyers one day, and all this lawyer hatin' conveniently ignores that many lawyers are idealists and work pro bono for good causes.

I delight in seeing young people use the system to fight for their freedoms.

Re:

[nurb432 (527695)]

Thats beacuse they now effectively run this country. ( and are in the process of running it into the ground, for a profit )

Re:

[SanityInAnarchy (655584)]

Makes me wish I was a lawyer, but law school would be too long and expensive for me :/

Re:Sad thing is...

[by Anonymous Coward]

No matter who comes out on top only the lawyers win. :/


Mmm.. I doubt it. I'd be surprised if most of the lawyers defending RIAA "victims" (for lack of a better word) are charging their full rates, considering they're mostly defending poor college students.

On the other hand RIAA lawyers aren't paid by the hour, and whether they win or lose their salary is the same (you think they're working for a percentage of a $10,000 settlement?)

They've created a climate of fear, which is all this has been about from the beginning. If they win a case the reward is a pittance to them, if they lose, well, they can afford it. Either way, considering the press it's still generating a lawsuit costs much less and is much more effective than a prime time television ad campaign. Unless there's some way to assign a penalty that really hurts or put a stop to their abuse of the legal system altogether they will continue to sue even if they lose almost every case.

Re:Sad thing is...

[NewYorkCountryLawyer (912032)]

Countersuits are one way to deal with this. Though, I imagine most people just want to get everything over than enter another legal battle.

Litigation is never a good solution to anything. It should always be a last resort. Unfortunately the RIAA doesn't see things that way.

Re:

[zippthorne (748122)]

geez, this meme is almost a decade old. enough, already.

Oh come on

[Token_Internet_Girl (1131287)]

"Many computers can be connected to the Internet with identical IP addresses as long as they remain behind control points" Did the MAFIAA really think someone would overlook this point? Anyone with a class in Internet 101 knows that routers assign one IP address to represent whatever computers are attached to it. I'm glad their having their asanine package of BS handed right back to them.

Re:

[jfclavette (961511)]

Maybe you should retake that Internet 101 class then. There are a few routers out there that assign different IP adresses to different 'computers.' In fact, that was pretty much the whole point of routers before NAT showed its ugly face.

Re:Oh come on

[russ1337 (938915)]

>>> There are a few routers out there that assign different IP adresses to different 'computers.'

I guess I'm only safe when my local Starbucks has had 4,294,967,296 unique wi-fi visitors and has to start over...

Re:

[guruevi (827432)]

You really think that there is any appliance that keeps a database of all IP's it has passed out through the days/months/years?

Just to give you the (raw) calculation: you would need
(IP + MAC + newspace + (2* blank space)) * available hosts in the subnet to get it in any readable format

(12+ 16 + 1 + 2) * 65534 bytes (the average subnet) would cost you 2MB of raw space.

It is possible and probable for a full-fledged server system for an ISP (and even they don't keep track of it longer than a number of

Re:Oh come on

[fredklein (532096)]

I think the RIAAs point is that whoever runs that router (and, presumably, the network connection) is responsible for the traffic it passes.

Like a Red-light camera: they send the ticket to the owner of the car, not necessarily the driver. (Of course, in that case, the owner can simply prove it was not them, and provide the name of the driver, and the ticket will be re-assigned.)

I don't necessarily agree with this, but most ISP's have similar clauses in their TOS: You are responsible for whatever your equipment puts out/takes in over the network connection. I'm not sure what makes Starbucks (for instance) not liable if a wifi customer downloads kiddy porn, but a person who owns an open WAP gets their PCs confiscated by the cops. But I wish the 'immunity' applied to anyone.

Re:Oh come on

[proverbialcow (177020)]

Like a Red-light camera: they send the ticket to the owner of the car, not necessarily the driver. (Of course, in that case, the owner can simply prove it was not them, and provide the name of the driver, and the ticket will be re-assigned.)

Or, as in the case of Minneapolis' red-light cameras, the entire process is deemed unconstitutional because it presumes guilt rather than innocence.

Re:

[Buran (150348)]

Wow, did you miss the point. You yourself admitted that the driver (the guilty party) can't be identified. You can't accuse anyone of doing something illegal and prosecute them unless you can prove beyond a reasonable doubt that the individual is guilty. And the accused has a right to face their accuser in court.

Re:

[fredklein (532096)]

ARGH. Shudda previewed.

the driver (the guilty party) can't be identified

It's reasonable to assume that, since it's YOUR car, YOU are the driver.

Just like, if YOUR specially autographed baseball bat was used to beat someone to death, it's reasonable for the cops to assume YOU did it. It's YOUR bat.

If you have evidence to the contrary (like you know who was really driving the car, or you lent your bat to a friend), then you can present it.

You can't accuse anyone of doing something illegal and prosecute them u

Re:

[fredklein (532096)]

All you have proof of is that something owned by a particular individual was used in the commission of a crime. You do not have proof that that individual was the guilty party.


But that is enough for the police to arrest (or at LEAST question) you. It's enough to get you put on trial.

If the item is a common item (a Yellow #2 pencil), then there is loads of doubt. Was it MY Yellow #2 pencil, or one of the MILLIONS of others that are made each year? Even if it was mine, anyone could have taken one from by de

Re:

[richie2000 (159732)]

Either way, there is no way for law enforcement to know who was driving...

Unless the camera takes a picture of the driver and the Police compares this shot to the photo of the car's registered owner that the DMV should have on file. If they match, they send out the fine. If it doesn't, they drop the case as it's too much work digging up and comparing photos of all possible drivers. BTW, this is how automated speeding cameras work here in Sweden.

If wishes were horses

[Kaseijin (766041)]

I think the RIAAs point is that whoever runs that router (and, presumably, the network connection) is responsible for the traffic it passes.

That's their theory. To the best of my knowledge, no court has ever bought it.

...I don't necessarily agree with this, but most ISP's have similar clauses in their TOS: You are responsible for whatever your equipment puts out/takes in over the network connection.

That's a contract between the ISP, the customer, and no one else.

I'm not sure what makes Starbucks (for instance) not liable if a wifi customer downloads kiddy porn, but a person who owns an open WAP gets their PCs confiscated by the cops.

The person is, reasonably, a suspect.

Re:Oh come on

[ScrewMaster (602015)]

The problem seems to be growing the awareness of these basic facts among the judiciary: cases like this can only help in that regard, I'd think. Those of the legal mind are fond of informing laymen that the law is complex and ever-changing and that only one who is properly trained could possibly comprehend its intricacies. I personally believe that the law is often more complex than it needs to be (and that is certainly no accident) but, okay, I'll buy that argument. As an engineer I cheerfully admit that the law is an arcane mystery, and I would certainly never set foot in court without proper representation.

However, the truth is that the global network and the technologies behind it are pretty goddamn complex as well, and change more often than the average trial lawyer changes his boxers. Gross oversimplifications and prevarifications regarding network technology, such as those pulled out of thin air by the RIAA's so-called "expert witness", have so far resulted in several severe miscarriages of justice. Unfortunately, while it is a necessity to have legal representation in a technical case, there seems to be no corresponding requirement that the legal beagles involved have a clue about technological underpinnings of said case. Given how successful the RIAA has been with the testimony of Mr. Linares, it's apparent that expert witnesses are of no help when the people making the legal decisions don't have the mental knowledge base to tell the wheat from the chaff.

Re:Oh come on

[NewYorkCountryLawyer (912032)]

The problem seems to be growing the awareness of these basic facts among the judiciary: cases like this can only help in that regard, I'd think. Those of the legal mind are fond of informing laymen that the law is complex and ever-changing and that only one who is properly trained could possibly comprehend its intricacies. I personally believe that the law is often more complex than it needs to be (and that is certainly no accident) but, okay, I'll buy that argument. As an engineer I cheerfully admit that the law is an arcane mystery, and I would certainly never set foot in court without proper representation. However, the truth is that the global network and the technologies behind it are pretty goddamn complex as well, and change more often than the average trial lawyer changes his boxers. Gross oversimplifications and prevarifications regarding network technology, such as those pulled out of thin air by the RIAA's so-called "expert witness", have so far resulted in several severe miscarriages of justice. Unfortunately, while it is a necessity to have legal representation in a technical case, there seems to be no corresponding requirement that the legal beagles involved have a clue about technological underpinnings of said case. Given how successful the RIAA has been with the testimony of Mr. Linares, it's apparent that expert witnesses are of no help when the people making the legal decisions don't have the mental knowledge base to tell the wheat from the chaff.

The Linares dribble -- like the Whitehead dribble which preceded it -- "succeeded" only because it was used only in ex parte cases, where there was no opposition. Now that opposition is starting to form, and now that judges are starting to reject [blogspot.com] even the ex parte motions [slashdot.org], awareness may be growing among members of the judiciary.

Re:Oh come on

[TooMuchToDo (882796)]

I've got a Cisco 2600 series router that begs to differ with you.

What's taken so long?

[willow (19698)]

I'm wondering why it's taken other lawyers so long to realize the RIAA is ripe for fleecing with their undefendable suits. Surely the lawyer vs. lawyer guys would have figured out by now that the RIAA, with so much $$$, is ripe for plucking...

I'm actually ashamed of this, BTW :)

OSU, not OU

[epmos (468595)]

Nitpick:
TFA says the 11 students are at Oklahoma State University (OSU), not that Other University to the south (OU).

[ Yes, I am an alumni of OSU. ]

While we're nitpicking...

[Ungrounded Lightning (62228)]

[ Yes, I am an alumni of OSU. ]

Are you an alumnUS? Or are you siamese twins?

Re:

[the eric conspiracy (20178)]

No, he is an autonomous collective off mind-melded cyborgs. This is slashdot, after all.

heh

[japhar81 (640163)]

One can only hope that if they get hit upside the head with a proverbial baseball bat often enough, perhaps they'll learn? After all, even the dumbest dog learns after a while, right? Nah, probably won't happen..

As a matter of curiousity...

[PhysicsPhil (880677)]

...how big is the school in question? I've been wondering recently whether the RIAA has ever gone after schools with big legal programs. Have they been avoiding a fight with students who might have a large number of friends training to be lawyers? I have visions of some professor who gets sufficiently aggravated that he assigns his entire class to bury the RIAA in legal briefs.

Re:

[i)ave (716746)]

As some have pointed out, this legal attack involves students from Oklahoma State University, about 15,000-20,000 students. For the record, OSU does not have a school of law. The University of Oklahoma has a school of law, as does the University of Tulsa, and Oklahoma City Univesity. One wonders if the RIAA is focusing its efforts on big universities and the publicity they generate, but avoiding those universities that have a school of law (and the professors of law that accompany them) to avoid the scenari

Re:As a matter of curiousity...

[NewYorkCountryLawyer (912032)]

You missed the one a week or two ago where they were about to start going after Harvard - and Harvard's response was, in effect, "get bent"?

Not so. They've never gone after Harvard and probably never will.

That's because it's not in the RIAA's playbook to pick on someone who can fight back.

The articles you're thinking of, by Harvard Law School profs, "Universities to RIAA: Take a Hike" [blogspot.com] and "Protect Harvard from the RIAA" [blogspot.com], urged Harvard and other universities to fight back if the RIAA were to come knocking.... but so far it hasn't come knocking at Harvard.

And don't hold your breath waiting for it to do so.

Re:As a matter of curiousity...

[BalanceOfJudgement (962905)]

Not so. They've never gone after Harvard and probably never will.

That's because it's not in the RIAA's playbook to pick on someone who can fight back.

Not to be pedantic but some of those 'good ol boys' probably went to Harvard as well, and so aren't inclined to embroil their Alma Mater in legal battles when there are so many other available targets.

Re:

[bzipitidoo (647217)]

That they won't go after Harvard implies a lot. 1. They know Harvard will fight, and will win the fight 2. Why will Harvard win? Through sheer prowess of their legal expertise? No. Because Harvard has an angle, and unfair advantage like being owed a lot of "favors" from many judges? No. It's because Harvard is on the right side of this issue. I think the MAFIAA understands this. 3. But the MAFIAA does act as if they feel they are in the right, morally, if not legally. So they go on screeching abou

Just a motion

[obeythefist (719316)]

So what is the most likely outcome of the motion?

A little oversimplified...

[edashofy (265252)]

"Many computers can be connected to the Internet with identical IP addresses as long as they remain behind control points."

Yes, we all know this is true from a technical perspective. However, the RIAA is not as dumb as to ignore it. From the depositions in the Lindor case (posted earlier by NewYorkCountryLawyer) they are also relying on the fact that Kazaa (and workalikes) apparently include the local IP in the protocol. So if I'm behind my router, and my IP is 192.168.1.1, but my router's IP is 123.45.6.78, then the RIAA will see BOTH addresses and know whether there's some NATting going on with a pretty high degree of certainty. However, if Kazaa reports the local IP as 123.45.6.78 as well, then it's highly unlikely any more than a single computer is behind that IP.

Reading the report, the "expert" here appears to be completely ignorant of this fact.

Also, some of this is really atrocious. Early in the report it cites an example of someone downloading child pornography sitting in a car by "hacking" a wi-fi network. Only at the end of the report does it admit that the network was unsecured. If you connect to 'linksys' are you "hacking" that network? Would you use that term No. No "hacking" (in any reasonable sense) is going on.

Is the "expert" a native English speaker? "Botnet, Trojan, and Back Door are example of malicious codes..." Aside from the grammatical atrocities, I have never heard of my fellow software engineers referring to software programs as "codes." A back-door is not a "code" or a program, nor are botnets. Bots are, Trojan (Horses) are, and they can open back doors. Precision, please?

Do look at the expert's biography page [f0rb1dd3n.com] on the site shilling his book. Plenty of asserted qualifications and certifications, although I don't see any formal degrees listed anywhere. It also asserts that "One final note Jayson was chosen as one of Time's persons of the year for 2006." (hint: so were you). The grammar in the bio is even worse than in the expert brief. Do a search for his name and you'll find precious little at all.

I'm not saying that the RIAA is doing due diligence; the Lindor briefs leave a lot in question (although less than most slashdotters would like). However, fighting back with equally specious and unresearched information doesn't seem to be a much better strategy.

Re:

[by Anonymous Coward]

Most large internal private networks work off of DHCP, and that means the IP usually changes for each user after they shutdown their computer (depending on the DHCP lease of course, it could be shorter or longer). The next time the user logs back on to the network or resolves DHCP they will more then likely have a new IP.

**For the RIAA to have sufficent evidence the internal IP would have to be accompianined by the actual MAC Address of the physical computers NIC (this would also be the same for the externa

Re:A little oversimplified...

[tftp (111690)]

Indeed, I read his deposition and basically all he does is state that you are anonymous behind a NAT. I am sure the logs do not indicate that 192.168.1.250 is the offender. There must be something more tangible. The expert probably just refuted literal RIAA's statements, ignoring the context (I haven't seen the logs so can't say for sure.)

One thing, though, he could have mentioned - various IP spoofing methods. Imagine you are on a DHCP network (on campus, for example.) You ask for an IP and you will get it, and this will be logged: "00:f0:3e:45:33:66, authorized as belonging to John Doe, asked for an IP and got 10.0.15.213 for 6 hours". Nice. However what if you want to misrepresent yourself? An enterprising student can use ping and arp (if not some better tools) to find out what IP and MAC addresses are online, and once some of those computers go to class (or to sleep, for example,) take over the MAC address and ask for a new DHCP lease ... done, and you have a new shiny IP address, perfectly logged as belonging to John Doe whereas you are someone else entirely.

This would clearly demonstrate that the DHCP has no authentication beyond the MAC address, and that can be easily changed [nthelp.com] on many cards. Any judge, however technically illiterate, can understand that if you can get any identity by just asking then it's pointless to hold the identity owner responsible.

This text, as seen here [windowsecurity.com], would be relevant in the expert's refutation:

Unfortunately it's the very simplicity of DHCP that's actually the problem as far as security goes. No authentication or authorization takes place during an exchange between a DHCP server and DCHP client, so the server has no way of knowing if the client requesting the address is a legitimate client on the network, and the client has no way of knowing if the server that assigned the address is a legitimate DHCP server. The possibility of rogue clients and servers on your network can create all kinds of problems.

Re:A little oversimplified...

[langelgjm (860756)]

Did you read the same brief I did? Because your quotes don't match with what is in the PDF file.

Also, some of this is really atrocious. Early in the report it cites an example of someone downloading child pornography sitting in a car by "hacking" a wi-fi network. Only at the end of the report does it admit that the network was unsecured. If you connect to 'linksys' are you "hacking" that network? Would you use that term No. No "hacking" (in any reasonable sense) is going on.

Here's what I see in the PDF: "An example of the dangers of open networks is the case of Walter Nowakoski. Nowakoski connected to unsecured home networks and used the bandwidth via unencrypted wireless networks to download child pornography. This is an example of criminals using networks of others to commit crimes so that the innocent are victims twice - once for the theft of their own network resource and then when they are wrongly accused for the illegal activity."

Is the "expert" a native English speaker? "Botnet, Trojan, and Back Door are example of malicious codes..." Aside from the grammatical atrocities, I have never heard of my fellow software engineers referring to software programs as "codes."

Not to be picky, but if you're going to comment on the man's grammar, at least have the courtesy to quote him correctly. He conjugates the verb correctly, saying "... are examples of malicious codes..."

Re:

[edashofy (265252)]

Page 7:

"Exhibit 6: Sci-Tech November 23, 2003 article from CTA News Staff reporting a driver of a motor vehicle engaged in internet child pornography utilizing a laptop computer and Wi-Fi (wireless fidelity) card to crack into a computer in a nearby home."

The text you cite is, as I explained, separate at the end of the article.

You're correct, 'example' was my typo. My bad.

Re:

[langelgjm (860756)]

Ok, fair enough, though that of 'cracking' could simply be taken from the "article" he is talking about... It sure doesn't help that the text isn't searchable/selectable.

Re:A little oversimplified...

[Dunbal (464142)]

Early in the report it cites an example of someone downloading child pornography sitting in a car by "hacking" a wi-fi network. Only at the end of the report does it admit that the network was unsecured.

      Ok, now tell me how hard it is to hack a WEP-enabled wireless network? It takes all of what, 90 seconds?

why hasn't a judge censured the RIAA for this?

[DragonTHC (208439)]

why aren't judges protecting the people?

The law is not really in the RIAA's favor here.

The RIAA has shown a history of fradulent law suits.

Why aren't people countersuing for malicious prosecution?

Re:

[vux984 (928602)]

Same difference I would think.

When I lived at home with my parents, at its peak there were 6 licensed drivers, and 3 cars. My parents borrowed eachothers cars regularly, and us 'kids' borrowed their cars all the time too. While WE could probably deduce who was driving on a given day at a given time provided we received TIMELY notice:

1) Photo Enforcement Tickets were typically NOT timely.

2) It is not our responsibility to rat out our own family on violations that are frequently little more than thinly veiled

Re:

[Jaime2 (824950)]

I hope this is a troll.....

Red light cameras increase the accident rate as often as they decrease it. Also, the real dangerous drivers that actually run the middle of the red light and T-bone innocent drivers, aren't paying attention. Before red light cameras they weren't paying attention in a situation where their life was at stake, now they aren't paying attention in a situation where their life plus a $100 ticket is at stake. It isn't a deterrent to the real problem.

The people who actually get tic

Re:

[vux984 (928602)]

This officer also told me that these cameras are the safest way to enforce red lights. It's exceptionally hard for an officer to catch these people, because the officer 1) has to be able to see the light, 2) has to be in the front rank of cars, and 3) often as not would have to run the light themselves, which would be more dangerous than just letting the guy go. You can put an officer at each corner of the intersection, but that's manpower intensive

Or you can equip the intersection with a camera, but have i

Re:Lawyers and technology don't mix well..

[Sycraft-fu (314770)]

Ummm few things:

1) Where did you get the idea all universities have tons of IPs? Some do, some don't. Also, a class B might seem like a lot, but if you've got 50,000 students, 20,000 departmental computers and servers, and you dole the IPs out in subnets to different departments (so they aren't 100% utilized) you start feeling the crunch more than you might think. Where I work we've got two class Bs (as we were in on the Internet game fairly early) and network operations has already begun working on renumbering the network to try and reclaim unused IPs. We haven't had to implement NAT on any campus level (though there are tons of little ones that random people run) but it is not something out of the question. Take a larger university with less IP space, you'd have little choice.

2) NAT has other uses such as cloaking the activities of individual computers. You'll see places use NAT just for that, they don't want individual activity being traced based on IP. So they get a many-to-many NAT set up. You have say a couple hundred routable IPs with a couple thousand non-routable IPs behind them. The router picks out which public IP you get randomly, or round-robin, or whatever. Thus it ends up being impossible to figure out what is happening.

3) Who says the university runs the NAT? You telling me you don't think students stick routers in their dorms? You telling me that you don't think they do that, and turn on unsecured WiFi (especially since many universities have extremely poor or non existent WiFi)? I know for a fact they do, because we always have problems with this on our campus.