
Tufts Tells Judge, We Can't Tie IP To MAC Addresses

NewYorkCountryLawyer writes "Protesting that Tufts University's DHCP-based systems 'were not designed to facilitate forensic examinations,' but rather to ensure 'smooth operations and to manage capacity issues,' the IT Office at Tufts University has responded to the subpoena in an RIAA case, Zomba v. Does 1-11, by submitting a report to the judge (PDF) explaining why it cannot cross-match IP addresses and MAC addresses, or identify users accurately. The IT office explained that the system identifies machines, not users; that some MAC addresses have multiple users; that only the Address Resolution Protocol system has even the potential to match IP addresses with MAC addresses, but that system could not do so accurately. For reasons which are unclear, the IT department then suggested that the RIAA next time send them 'notices to preserve information,' in response to which they would preserve, rather than overwrite, the DHCP data, for the RIAA's forensic benefit."
This discussion has been archived. No new comments can be posted.

  • by Bazman ( 4849 ) on Wednesday August 06, 2008 @05:33AM (#24493547) Journal

    I suppose in the US you have judges with clue. In the UK it's fuddy duddy old men in wigs who go "What is this 'internet'?".

    http://www.theinquirer.net/en/inquirer/news/2007/05/17/judge-has-beatles-moment-over-internet [theinquirer.net]

    or maybe he didn't:

    http://www.theinquirer.net/en/inquirer/news/2007/05/18/judge-didnt-have-beatles-moment-after-all [theinquirer.net]

    Apparently the original story of the judge saying 'Who are the Beatles?' might be a myth anyway...

  • DHCP lease logs (Score:5, Interesting)

    by Ted Freeman ( 1319075 ) on Wednesday August 06, 2008 @06:00AM (#24493673)
    Nice job from the IT department. They say how difficult it is to extract meaningful information from the ARP cache records, but you don't need them anyway. All they would need to do is keep the DHCP lease logs. Conveniently they

    In both cases the retention notice arrived in such close proximity to the expiration of the ten day retention period of the DHCP data that we were unable to access the data before it was overwritten.

    So they used the same excuse twice - log rotation - RIAA's new enemy.

  • by Carthag ( 643047 ) on Wednesday August 06, 2008 @06:05AM (#24493689) Homepage

    At the dorm I used to live in, we had to authenticate our computers in order to gain access to the network; this was done via username/password combos. There were several that multiple people knew (mostly to get around bandwidth limits - you'd just jump on another account if you exceeded your quota).

    It registered the MAC address at this point, but I doubt they were actually saved, as the quota was obviously tied to the user account and not the MAC.

  • by Anonymous Coward on Wednesday August 06, 2008 @06:10AM (#24493715)

    And with Wifi, it's even easier (useful for these Kiosk-type nets that present you with a login page on first access):

    • tcpdump traffic for a while
    • choose a low-activity mac and matching IP
    • configure victim's mac and IP on your card.
    • no need to even disconnect or remove victim's computer
    • surf ahead!

    Well, occasionally you (or the victim) might get one or the other dropped connection, but in practice, this is extremely rare.

  • Re:DHCP lease logs (Score:5, Interesting)

    by TerminaMorte ( 729622 ) on Wednesday August 06, 2008 @06:19AM (#24493759) Homepage
    DHCP logs will only contain the IP address and MAC address; information that cannot be used to identify anything other than a machine (assuming the MAC isn't spoofed; my laptop runs macchanger -A ath0 on startup :)).
  • Re:DHCP lease logs (Score:1, Interesting)

    by Ted Freeman ( 1319075 ) on Wednesday August 06, 2008 @06:36AM (#24493837)
    Yes, that is all you can hope to identify people from. MAC addresses can be changed, machines can have multiple MAC addresses, people can use common access terminals or access the network through NAT / masquerading routers or use a friend's computer. All this is possible but the MAC address(es) of your computer:

    When a computer is first connected to the Tufts network the user must register their MAC address with their individual username and password.

    So it is not a perfect system but it is the best they have and would "catch" most ( non/semi technical ) users.

  • Re:Why? (Score:2, Interesting)

    by NewYorkCountryLawyer ( 912032 ) * <ray AT beckermanlegal DOT com> on Wednesday August 06, 2008 @07:19AM (#24494053) Homepage Journal

    For reasons which are unclear, the IT department then suggested that the RIAA next time send them 'notices to preserve information,' in response to which they would preserve, rather than overwrite, the DHCP data, for the RIAA's forensic benefit.

    Why? The RIAA is not a court of law or even a government agency. Surely the university would have no obligation to comply with its requests? Talking about the RIAA in these terms ("notices", "forensic") lends it unwarranted legitimacy and authority.

    That's what I want to know. Why?

  • by Anonymous Coward on Wednesday August 06, 2008 @07:21AM (#24494071)

    ... then you're liable! I'm expecting the courts to come up with that simple principle. Kinda like when your car is caught speeding: identify the driver or pay the fine.

    That, of course, will make not only university LANs but also corporate LANs much more expensive to build. It'll also make it difficult to support multi-user machines as you'd have to tie each and every TCP connection to a user.

    And after that liability scheme collapses under its own weight, we'll be rid of the whole copyright nonsense.

  • Re:Also (Score:3, Interesting)

    by the4thdimension ( 1151939 ) on Wednesday August 06, 2008 @08:16AM (#24494433) Homepage
    This only compounds the fact that a loghost doesn't really help whether you have it or not.
  • by bloobloo ( 957543 ) on Wednesday August 06, 2008 @08:36AM (#24494669) Homepage

    Judges ask questions like that in order to ensure clarity. Remember, their cases will still be sitting in archives in hundreds of years' time, potentially to be used as precedent.

    While I expect Elvis, Sinatra, The Beatles and other artists of that calibre will be known for a LONG time, at what level do you draw the line? Radiohead? S Club 7? The Cheeky Girls?

    By adding less than 30 seconds to the case by the exchange:

    "Who or what are the Beatles?"
    "A popular beat combo musical band, m'lud. "

    not only will humour be created by people saying "Oh, how ignorant judges are!", it ensures that 500 years down the line a case about cockroaches isn't confused by people pulling out the wrong information.

  • by IceCreamGuy ( 904648 ) on Wednesday August 06, 2008 @08:52AM (#24494839) Homepage
    Why don't you go a step further and just assume that everyone does their illegal sharing in a virtual machine? Hell, you could change the MAC every day. The possibilities for error by tying an IP to a MAC are pretty boundless.
  • Re:Also (Score:2, Interesting)

    by ByteGuerrilla ( 918383 ) * on Wednesday August 06, 2008 @09:28AM (#24495315)

    If I change my name via deedpoll, I'm not 'spoofing' everyone I meet from then on into referring to me with a name that isn't mine. That is my name. If I change my name and then change it back, or simply cut out the actual changing of the name and just introduce myself with a different name for a week, I've spoofed them into thinking my name is something that it isn't.

    Technologically I don't think there's a difference. If you consider intent, then you can draw a small, pretty inconsequential difference.

  • by Piranhaa ( 672441 ) on Wednesday August 06, 2008 @10:32AM (#24496395)

    What you need to do then is restrict traffic based on IP leases.

    My ISP will refuse to let traffic pass if the IP address set is not dynamic. They require you to enable dhcp, even if you're a static customer. On rare occasions if my dhclient has acted up, my internet will no longer work.

    This not only makes administering your network easier and network safer (less chance of spoofing), but also better for your customers so they don't get conflicting IPs if someone decides to be 'naughty'.

  • Re:Generally? (Score:5, Interesting)

    by zugmeister ( 1050414 ) on Wednesday August 06, 2008 @12:17PM (#24498329)
    The "Clone MAC Address" feature is there because some ISPs (Cox comes to mind) will grab the mac addy. of the first device you hook up and refuse to provide service to anything else. So when you plug your laptop straight in to check if they've turned up the line it works. Plug in your router and it's dead.

    Tech support swears they don't do this, so you have two choices: call/hold/bitch at tech support till they reset your account (locking you into your current router's MAC so you start over if you get another router) or just clone the MAC and start moving packets.
  • Re:hehe (Score:3, Interesting)

    by electrictroy ( 912290 ) on Wednesday August 06, 2008 @01:39PM (#24499859)

    I've always preferred the word "steal". It's so much more accurate (and honest). Of course if you own the CD you are ripping or burning, then it's really just copying ("I copied my CD over to my iPod."). I try to avoid slang like "burn" or "rip", because it's just so imprecise. Can you imagine if we used that kind of slang back in the 80s:

    - "I 'ripped' an INXS tape to my Commodore=64."
    - "Awesome! 'Magnetize' me a copy onto a floppy."

    - "Wouldn't you prefer I 'etched' a record instead?"
    - "No man, etching records is so 1970s."

  • by Cramer ( 69040 ) on Wednesday August 06, 2008 @05:58PM (#24503585) Homepage

    You missed the point... on the wireless network, one must login to get an address. Thus, there should be records of who logged in and was given a specific address. So, they should have one and only one name for the two wireless addresses.

    Of course, if they expire those logs as fast as the dhcp logs, there's nothing to search.
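
The lookup this thread argues about (which MAC held an IP at a given moment, given retained lease logs and the ten-day retention window quoted above), as an added example that is not part of the original comments or of Tufts' systems. The log layout, addresses, account names and function names are constructed assumptions.

```python
from datetime import datetime, timedelta

RETENTION = timedelta(days=10)  # the ten-day DHCP retention period quoted in the thread

# Constructed sample log; the "timestamp ACK ip mac lease=seconds" layout is an assumption.
SAMPLE_LOG = """\
2008-08-01T09:00:00 ACK 10.0.5.17 00:11:22:33:44:55 lease=3600
2008-08-01T09:30:00 ACK 10.0.5.17 00:11:22:33:44:55 lease=3600
2008-08-01T11:00:00 ACK 10.0.5.17 66:77:88:99:aa:bb lease=3600
2008-08-01T11:05:00 ACK 10.0.5.18 00:11:22:33:44:55 lease=3600
"""

# Constructed registration table: one MAC may be registered to several accounts.
REGISTERED = {
    "00:11:22:33:44:55": ["student_a"],
    "66:77:88:99:aa:bb": ["student_b", "student_c"],
}

def parse(log_text):
    """Yield (start, end, ip, mac) for every lease grant or renewal."""
    for line in log_text.splitlines():
        ts, kind, ip, mac, lease = line.split()
        if kind != "ACK":
            continue
        start = datetime.fromisoformat(ts)
        seconds = int(lease.split("=", 1)[1])
        yield start, start + timedelta(seconds=seconds), ip, mac.lower()

def attribute(log_text, ip, when, now):
    """Return (status, macs, accounts) for the holder of `ip` at `when`."""
    if now - when > RETENTION:
        # The entry would already have been rotated out of the log.
        return "log-overwritten", [], []
    macs = sorted({mac for start, end, lip, mac in parse(log_text)
                   if lip == ip and start <= when < end})
    if not macs:
        return "no-lease", [], []
    accounts = sorted({u for m in macs for u in REGISTERED.get(m, [])})
    if len(macs) > 1 or len(accounts) != 1:
        return "ambiguous", macs, accounts
    # Even here the result names a registered machine, not the person using it.
    return "unique-machine", macs, accounts
```

A query only returns a single account when the timestamp falls inside a lease, inside the retention window, and the MAC has exactly one registration; a changed MAC is invisible to this lookup.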
