Forgot your password?
typodupeerror
The Courts Government News Your Rights Online

MediaSentry & RIAA Expert Under Attack 273

Posted by kdawson
from the my-expert's-smarter-than-your-expert dept.
NewYorkCountryLawyer writes "Jammie Thomas, the defendant in Duluth, Minnesota, RIAA case Capitol Records v. Thomas, has served her expert witness's report. The 30-page document (PDF), prepared by Prof. Yongdae Kim of the Computer Science Department of the University of Minnesota, attacks the reports and testimony of Prof. Doug Jacobson, the RIAA's expert, and the work of the RIAA's investigator, Safenet (formerly known as MediaSentry). Among other things, Dr. Kim termed MediaSentry's methods 'highly suspect,' debunked Dr. Jacobson's 'the internet is like a post office' analogy, explained in detail how FastTrack works, explored a sampling of the types of attacks to which the defendant's computer may have been subjected, accused Jacobson of making 'numerous misstatements,' and concluded that 'there is not one but numerous possible explanations for the evidence presented during this trial. Throughout the report I demonstrate possibilities not considered by the plaintiff's expert witness in his evaluation of the evidence...' Additionally, he concluded, 'MediaSentry has a strong record of mistakes when claiming that particular IP addresses were the origins of copyright infringement. Their lack of transparency, lack of external review, and evidence of inadequate error checking procedures [put] into question the authenticity and validity of the log files and screenshots they produced.'"
This discussion has been archived. No new comments can be posted.

MediaSentry & RIAA Expert Under Attack

Comments Filter:
  • by tulmad (25666)

    So much for those arguments.

    • Re:owned. (Score:5, Interesting)

      by jd (1658) <imipak@yaCOLAhoo.com minus caffeine> on Tuesday March 03, 2009 @07:57PM (#27058371) Homepage Journal

      The use of screen shots (and indeed printouts) from computers in legal trials in the UK in the 1990s resulted in a body of case law in which it was pointed out that anyone can make a computer show anything you like, that doesn't mean the data is valid.

      (This case law was frequently as a result of a popular defense tactic against the Poll Tax. Just because a printout says X owes Y amount doesn't mean that this is true. You can't cross-examine a computer.)

      It would be good if this argument made its way into the US legal system, but for all the flak that UK judges get for ignorance, I suspect they are smarter when it comes to technology.

      • Re:owned. (Score:4, Insightful)

        by Thinboy00 (1190815) <thinboy00@noSpaM.gmail.com> on Tuesday March 03, 2009 @08:40PM (#27058809) Journal

        It would be good if this argument made its way into the US legal system, but for all the flak that UK judges get for ignorance, I suspect they are smarter when it comes to technology.

        It's more general than that. The ENTIRE EU is more clueful when it comes to tech than the ENTIRE US.

      • Re:owned. (Score:5, Insightful)

        by tsm_sf (545316) on Tuesday March 03, 2009 @11:43PM (#27060417) Journal

        I'll never understand how people can base a legal argument around a text file.

        Unless you have an officer of the court present during the writing of the router code, the server code, the logging module code, storage of the logs, retrieval of the logs, and on and on and on... it's all absolute bullshit. Strike that 'unless', it should be 'even if'. There's not a person here (he said, as if it was 1998) who couldn't fake this shit given physical access and a week to study.

        A text file is not a god damn fingerprint.

        • Re: (Score:3, Insightful)

          by Tuoqui (1091447)

          Finally...

          Yeah use the Slashdot defense. Bring a 7 year old into the court and have them edit the text file and/or modify the screenshot in about a minute. Remember that the RIAA and MediaSentry are heavily biased parties. They have a long range of abuses of the legal system abuses and lets not forget their attack dog (MediaSentry) is not even a licensed investigator either.

      • Re:owned. (Score:4, Funny)

        by cerberusss (660701) on Wednesday March 04, 2009 @02:44AM (#27061509) Homepage Journal

        You can't cross-examine a computer.

        This is not true. I do this regularly and with great success. Agreed, it takes a bit of physical contact, but they all respond.

        After some screaming and raging, pointing a bright light in its direction, and finally some slapping around, the Vista desktop responds with a blue screen.

        The Linux laptop is a bit tougher but in the end still either goes into a comatose retreat, freezing X Window System, or shows its black&white console and dumps kernel.

  • Thank you, NYCL! (Score:3, Insightful)

    by Chabo (880571) on Tuesday March 03, 2009 @07:19PM (#27057979) Homepage Journal

    Thank you for your coverage of these events, even if you're biased. ;)

    Then again, consider the audience!

  • by LordKaT (619540) on Tuesday March 03, 2009 @07:20PM (#27057999) Homepage Journal

    Please? At the very least you'll have someone with an honest to god education who can proofread and write decent articles on your editorial staff, as opposed to ... kdawson.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      If you'd like to have a great editor with a great conflict of interest, then yes, he should be an editor.
      Otherwise leave it to people who don't submit stories.

      • If you'd like to have a great editor with a great conflict of interest, then yes, he should be an editor. Otherwise leave it to people who don't submit stories.

        I wouldn't have to decide whether to accept or reject the stories I submit. I could just reject them mentally, before I write them, and save myself the work.

        • by Anonymous Coward on Tuesday March 03, 2009 @08:48PM (#27058879)

          If you'd like to have a great editor with a great conflict of interest, then yes, he should be an editor.
          Otherwise leave it to people who don't submit stories.

          I wouldn't have to decide whether to accept or reject the stories I submit. I could just reject them mentally, before I write them, and save myself the work.

          You could write some crap submissions, auto-approve them, then sue us when fewer and fewer people read them!

          • Re: (Score:3, Funny)

            by AliasMarlowe (1042386)

            You could write some crap submissions, auto-approve them, then sue us when fewer and fewer people read them!

            Hey, that should have been a numbered list ending in "Profit!". You also left out the "???" step.

      • Re: (Score:3, Funny)

        by NecroPuppy (222648)

        If you'd like to have a great editor with a great conflict of interest, then yes, he should be an editor.

        Wasn't that Jon Katz?

        Oh wait... you said "great".

        Never mind.

  • by TinBromide (921574) on Tuesday March 03, 2009 @07:21PM (#27058009)
    I've prepared a few expert reports in my time, but IANAL, however, as satisfying/intimidating these reports may be, most of the time they'll be downplayed or ignored by the other side. In court, if you ignore it, unless the judge is on the other side, it DOES go away.

    I'm waiting for the expert testimony, because anybody can type up 30 pages that equate to "Nuh-uh!" but judges sit up and take notice when someone sits in the witness chair and says "Nuh-uh!"

    Essentially, what I'm saying is that while the slashdot community will rally around this news item, the legal community won't take notice until there's a precident.
  • Daubert is around one of these corners.
  • Duh? (Score:5, Insightful)

    by girlintraining (1395911) on Tuesday March 03, 2009 @07:24PM (#27058049)

    Yeah, digital evidence can be such a bitch, especially when you gather it remotely. You have no idea if the client (remote end) is telling the truth or not, let alone if it was tampered in transit or not, and even if none of that is true, there's still no way to link what a computer does definitively to what a person designated as the primary user of that system, simply because that system could have been previously compromised via a litany of vectors. In short, why this ever got this far is beyond me... The standards of evidence have slipped quite a bit. These days, you yell "computer!" in a crowded court room and bring in an "expert" in a suit, and the judge and jury will believe just about anything. IP addresses and hashes as "digital fingerprints"? a smack of MP3s on a hard-drive is "evidence"? If I rip a CD I legally purchased, encode it into MP3, and then the CD is damaged and thrown away, or stolen, does that make my digital copy illegal? Apparently. things that are perfectly legal to do to their physical counterparts become illegal to do when a computer becomes involved, simply because someone yelled "computer!" in a crowded court room.

    Please god, send us a lawyer worthy of Mordor.

    • by Chabo (880571)

      simply because someone yelled "computer!" in a crowded court room.

      I say we prosecute anyone who shouts "computer!" in a crowded court room for the mere cause of starting a panic. If we play our cards right, their actions will be exempt from First Amendment protections.

    • Re: (Score:3, Insightful)

      In short, why this ever got this far is beyond me... The standards of evidence have slipped quite a bit.

      I'm not fan of the tactics of the RIAA, but posts like yours drive me insane. Why do computer geeks seemingly have so much trouble with the concept of "guilty beyond a *reasonable* doubt?" The quote is NOT "guilty beyond all doubt".

      Yes, it's theoretically possible that someone broke in and used your computer to download MP3s. However, that's not reasonable.

      Yes, it's theoretically possible that someone s

      • Re:Duh? (Score:5, Insightful)

        by girlintraining (1395911) on Tuesday March 03, 2009 @08:08PM (#27058477)

        I'm not fan of the tactics of the RIAA, but posts like yours drive me insane. Why do computer geeks seemingly have so much trouble with the concept of "guilty beyond a *reasonable* doubt?" The quote is NOT "guilty beyond all doubt".

        Cases based largely if not entirely on circumstantial evidence (which is what data remotely gathered is), do not rise to "beyond a reasonable doubt". I'd go as far as to say -- why the hell does this get before a judge and not get thrown out? Because the judge doesn't understand that all the crap that RIAA puts in front of him/her is circumstantial. And then they sign a bunch of warrants and set everything in motion -- which thanks to recent supreme court rulings, can be admissible even if the original reasons were complete bunk. So in short, RIAA is playing on the technical ignorance of judges to advance these cases, hoping that their circumstantial evidence leads to admissible evidence at trial.

        And THAT is the abuse of the system, and posts like yours "drive me insane" because posters like you fail to see the larger issue because you're hyper-focused on the little tiny things like whether a certain word was stressed or not.

        • Re: (Score:3, Insightful)

          by BCGlorfindel (256775)


          Cases based largely if not entirely on circumstantial evidence (which is what data remotely gathered is), do not rise to "beyond a reasonable doubt".

          The trick that is killing everyone though is that "beyond a reasonable doubt" is only the bar for criminal cases. In civil suits like those the RIAA is pursuing the burden of evidence is much, much lower. When people go into the court thinking it'll be a cake walk because they can plead reasonable doubt they get burnt when reasonable suspicion is sufficient to

      • Re:Duh? (Score:4, Insightful)

        by m.ducharme (1082683) on Tuesday March 03, 2009 @08:10PM (#27058487)

        Also, the RIAA, as far as I know, doesn't have to meet the "reasonable doubt" standard, but the "preponderance of evidence" standard, which basically means that they have to prove that their story is more likely than the other side's.

        I think that if they had to meet the "guilty beyond reasonable doubt" test, they would fail. It is certainly reasonable that a third party infected her computer and used it for their purposes, if her computer was a bot- and virus-infested nightmare, as I suspect it was.

        The real risk for MediaSentry here is that their methods don't seem to have any rigour at all, and may not actually qualify as evidence at all. I'm more interested in the lack of time stamps, investigator's licenses, or protocols for preservation of evidence than in the possible attack vectors available to a third party.

        If the MediaSentry evidence is all they have, and it gets thrown out because of Dr. Kim's expert testimony, the RIAA won't have anything left.

      • Re:Duh? (Score:5, Interesting)

        by NecroPuppy (222648) on Tuesday March 03, 2009 @08:13PM (#27058517) Homepage

        Both your examples are unlikely. And, I'll note, not listed in Dr. Kim's report. (You did read the report, right?)

        In this case, the RIAA expert didn't even admit the possibility of likely things.

        For example, until I locked it down, neighbors on both sides of my place were stealing bandwidth off the wireless router where I rent. If they were downloading music, we'd be the ones hit, because it would be our router that would be showing up in ISP records / on Kazaa. (A similar example appeared in Dr. Kim's report. You did read the report, right?)

        The RIAA "expert" seemed to think that because the (non-timestamped) traceroute went to Thomas's computer, that it -always- went there. This isn't automatically the case. IP/MAC spoofing or other attacks (as appeared in Dr. Kim's report. You did read the report, right?) can easily obfuscate the issue.

        The RIAA's expert also said that the presence of MP3s showed that Thomas downloaded them from the internet, again, ignoring the extremely likely possibility that Thomas ripped them from CD (which, I will note is both extremely easy, and mentioned in Dr. Kim's report. You did read the report, right?).

        The problem with the RIAA expert is that he neglected to list other possibilities. Would he have needed to list the extremely unlikely ones? No.

        But he did need to address likely alternative explanations. And when you add his extremely bad analogies, and apparent lack of understanding of NAT (to be 'fair', he could actually understand NAT, but ignored it because it would weaken his report, but that's being a bad expert), his report deserved to be torn apart by Dr. Kim. (You did read the report, right?)

        • Re:Duh? (Score:5, Interesting)

          by NewYorkCountryLawyer (912032) * <ray.beckermanlegal@com> on Tuesday March 03, 2009 @08:21PM (#27058607) Homepage Journal

          In this case, the RIAA expert didn't even admit the possibility of likely things. For example, until I locked it down, neighbors on both sides of my place were stealing bandwidth off the wireless router where I rent. If they were downloading music, we'd be the ones hit, because it would be our router that would be showing up in ISP records / on Kazaa. (A similar example appeared in Dr. Kim's report. You did read the report, right?) The RIAA "expert" seemed to think that because the (non-timestamped) traceroute went to Thomas's computer, that it -always- went there. This isn't automatically the case. IP/MAC spoofing or other attacks (as appeared in Dr. Kim's report. You did read the report, right?) can easily obfuscate the issue. The RIAA's expert also said that the presence of MP3s showed that Thomas downloaded them from the internet, again, ignoring the extremely likely possibility that Thomas ripped them from CD (which, I will note is both extremely easy, and mentioned in Dr. Kim's report. You did read the report, right?). The problem with the RIAA expert is that he neglected to list other possibilities. Would he have needed to list the extremely unlikely ones? No. But he did need to address likely alternative explanations. And when you add his extremely bad analogies, and apparent lack of understanding of NAT (to be 'fair', he could actually understand NAT, but ignored it because it would weaken his report, but that's being a bad expert), his report deserved to be torn apart by Dr. Kim. (You did read the report, right?)

          Good post. When I deposed Dr. Jacobson [blogspot.com] in the UMG v. Lindor case, he admitted that he had never considered any alternative explanations.

          • by sxltrex (198448)

            Wow, an attaboy from NYCL. Somebody's bucking to get on the friend list!

          • Re:Duh? (Score:5, Interesting)

            by LordKazan (558383) on Tuesday March 03, 2009 @09:05PM (#27059067) Homepage Journal

            Dr Jacobson is not stupid, I've met the man. I graduated with a degree in computer science from Iowa State University in December. I haven't taken a class from him, but again the man is not stupid.

            He's malicious.
            He's being paid.

            In fact I bet he even knows his testimony is full of shit.

            Again, he's being paid.

            • Re:Duh? (Score:5, Informative)

              by NewYorkCountryLawyer (912032) * <ray.beckermanlegal@com> on Tuesday March 03, 2009 @09:15PM (#27059175) Homepage Journal

              Dr Jacobson is not stupid, I've met the man. I graduated with a degree in computer science from Iowa State University in December. I haven't taken a class from him, but again the man is not stupid. He's malicious. He's being paid. In fact I bet he even knows his testimony is full of shit. Again, he's being paid.

              More than being paid, he has a major financial interest in the "Audible Magic" software which the RIAA is peddling for him. They go to LAN operators and say "Pay us $76,000 [blogspot.com] and the letters will stop".

              • Re:Duh? (Score:5, Interesting)

                by CodeBuster (516420) on Tuesday March 03, 2009 @09:56PM (#27059573)
                Would a "reasonable man" conclude that those interests are in conflict? If the answer is yes (and it probably is) then why was Dr Jacobson not eliminated as an expert witness straight away by a defense attorney raising an objection in court and mentioning this conflict? Perhaps I am missing something here, but I am sure that NYCL can explain.
                • Re:Duh? (Score:5, Informative)

                  by NewYorkCountryLawyer (912032) * <ray.beckermanlegal@com> on Wednesday March 04, 2009 @12:11AM (#27060629) Homepage Journal

                  Would a "reasonable man" conclude that those interests are in conflict? If the answer is yes (and it probably is) then why was Dr Jacobson not eliminated as an expert witness straight away by a defense attorney raising an objection in court and mentioning this conflict? Perhaps I am missing something here, but I am sure that NYCL can explain.

                  That's easy.

                  The defendant's lawyer did not object.

      • Re:Duh? (Score:5, Interesting)

        by Todd Knarr (15451) on Tuesday March 03, 2009 @08:26PM (#27058667) Homepage

        Bear in mind that MediaSentry has accused a laser printer of sharing music files. Not just alleged, stated that they had proof positive of that laser printer serving up MP3s via a P2P network. That alone suggests to me that their "evidence" is shaky at best.

        • by dave562 (969951)
          The concept of a laser printer serving up MP3s isn't that far fetched. It could have an internal drive. Most high volume printers either have huge amounts of RAM (huge being in the low multi-gigabyte range) or internal drives. That space is used to cache large print jobs. Now granted, a couple of gigs isn't much in the grand scheme of things, but at about 10MB per MP3 file, you could easily fit a couple albums on your average high capacity network printer and still have some room left over.
          • Re: (Score:3, Informative)

            by Todd Knarr (15451)

            Oh, it could certainly store the files. But how's it going to run the P2P software to share them out? These things aren't desktop PCs where you can install any software you want on them, they're embedded systems running out of on-board firmware that can't be updated except by a factory tech (because if the customer could update it they could unlock features they aren't paying for, and we can't have that now can we). Smaller printers like LaserJets are more amenable to being hacked, but they lack the storage

        • Re:Duh? (Score:4, Funny)

          by musiholic (94408) on Tuesday March 03, 2009 @10:53PM (#27060071) Homepage Journal

          Darn you, HP Laser Jet! I told you not to do that!

      • This is a civil case, reasonable doubt and guilt have nothing to do with it.

    • Please god, send us a lawyer worthy of Mordor.

      I'm not sure that's the wisest thing to wish for. :D

      • Please god, send us a lawyer worthy of Mordor.

        I'm not sure that's the wisest thing to wish for. :D

        Yeah, but don't forget they were finished off by a bunch of trees...

      • by LordKazan (558383)

        It's probably a reference to IBM's strike team of lawyers that call themselves the Nazgul

      • Those lawyers exist, but they are currently busy destroying the SCOundrels.

  • Thank you Ray for all you do for us.

  • What is FastTrack? Is this [fasttrack.nu] what they were talking about?

  • by psnyder (1326089) on Tuesday March 03, 2009 @08:02PM (#27058415)
    I find this all very interesting from a kind of "we're living through history" perspective. What we've been witnessing over the past few years is almost the complete devaluation of the record company's main 3 products, 'recording', 'promotion' and 'distribution'.

    Artists needed record companies to make them nice recordings and to promote them (advertising and getting their records out). The record companies made most of their money off of record sales. The artists made most of their money off of concerts and appearances. With recording equipment fairly inexpensive in comparison to the recent past, and free or nearly free software that can professionally mix, recording now comes at a very low cost. The only real advantages of a studio now are the sound-proof room and the technician that knows what they're doing. If a musician spends the time to learn and experiment with acoustics, the trained technician becomes less valuable, and all you need is some equipment and a nice room.

    It's obvious to anyone reading Slashdot that promotion and distribution can be handled through the Internet now for extremely little money.

    It's amazing to think how these 3 things which were so valuable for such a long time became cheap so suddenly. The argument that file sharing is anti-capitalist is completely incorrect. It's capitalism at work. It's just that the value of the job that record companies do is no where near the value it had even a decade ago. Ironically, pretending it's still the same is anti-capitalism.
    • At this point, I don't think the RIAA is even trying to profit; they're just trying to survive (albeit by cruel and unusual means).

  • by hyades1 (1149581) <hyades1@hotmail.com> on Tuesday March 03, 2009 @08:41PM (#27058819)

    How could a legitimate expert in the field make the errors and omissions Prof. Doug Jacobson did in his testimony? It appears from what has been said that either Jacobson's academic credentials or his honesty are suspect. These omissions are not minor, nor are they so esoteric that a so-called "expert witness" could be forgiven for being unaware of them.

  • by sk999 (846068) on Tuesday March 03, 2009 @10:57PM (#27060111)

    Mostly innuendo and facts of marginal relevance.

    Except for these two zingers:
    http://lists.sans.org/pipermail/unisog/2004-April/ [sans.org]
    http://lists.sans.org/pipermail/unisog/2005-January/ [sans.org]

    Look for the messages regarding "MediaSentry". Real network administrators posting their experiences receiving nonsensical requests from MediaSentry and related entities for information about bogus IP addresses. Doesn't reflect too well on MediaSentry's methodology.

  • by wasted (94866) on Tuesday March 03, 2009 @11:05PM (#27060167)

    What would be interesting, and possibly helpful, would be a screenshot showing that someone with the IP address of a SafeNet office (or an RIAA lawyer's law office) has a lot of files on their computer with filenames suggesting kiddy porn or something to that effect. Introducing that faked screenshot as evidence would be interesting, since any testimony supporting the validity of the Safenet screenshots may support a felony case against Safenet (or the RIAA lawyer).

    I don't have the skills/time to find the appropriate IP addresses, ascertain operating systems and such, and then fake the believable screen shot. I don't know that it would be legal, either, so please don't take this as a suggestion. It would be interesting in court, though.

I am the wandering glitch -- catch me if you can.

Working...