Marshall University Challenges RIAA
NewYorkCountryLawyer writes "Marshall University, in Huntington, West Virginia, has become just the second US college or university to show the moxie to stand up for its students instead of instantly caving in to RIAA extortion. In February, Marshall, represented by the Attorney General of the State of West Virginia, made a motion to quash the RIAA's subpoena for student identities, pointing out in exquisite detail in its long-time IT guy's affidavit (PDF) the impossibility of identifying copyright 'infringers' based on the RIAA's meager evidence. Unfortunately, the Magistrate — under the mistaken impression that the RIAA isn't going to sue the identified students, but merely wants to talk to them — recommended that the subpoena be okayed by the District Judge (PDF). It is not yet known whether Marshall will be filing objections. The first US college or university known to have attacked the RIAA's subpoena was the University of Oregon, which — also represented by its state's Attorney General — made a motion to quash last November, and even questioned the legality of the RIAA's methods. The Oregon motion is still pending."
2nd university to show a movie? (Score:2)
Re:2nd university to show a movie? (Score:5, Funny)
Soundtrack available through...oh, wait...
Re: (Score:3, Funny)
available NOW (764 seeds, 1132 leeches)
Re: (Score:2)
BTW: Recording Industry Association of America != Motion Picture Association of America. Paramount and New Line aren't RIAA members, and somehow I've got the impression that they wouldn't let principles stand in the way of profit.
Movies? (Score:1)
Re:2nd university to show a movie? (Score:4, Funny)
Lower ranking RIAA lawyer: Oh no! The college students are revolting!
Higher ranking RIAA lawyer: We already know this.
Hunh? (Score:4, Insightful)
Unless I have missed something, the magistrate judge's opinion is not based on the idea that the RIAA "merely wants to talk to" the students. Where does it say that?
Curiously, the magistrate judge's opinion does not even address the central issue, of whether the RIAA's evidence is sufficient to support the subpoena. It is devoted entirely to the question of whether the subpoena imposes an excessive burden on the university. His ruling that the university's burden is not great because it is merely required to produce the names of the students associated with the IP addresses, not to determine who was using the machines at the times of the alleged infringement, appears to be correct.
Re:Hunh? (Score:5, Insightful)
All the university would know is that something with a specific MAC address was using that IP at that specific time.
Since MAC addresses are spoofable, how can they be related to a specific person at all?
Re:Hunh? (Score:4, Insightful)
Users are typically registered. Usually in universities, this is accomplished through a captive portal which records the MAC and username (authenticated with a password.) This ties the MAC to the user. From there, it's trivial to tie the packets to the MAC--spoofing IP addresses is trivial on most networking equipment in use by universities (i.e. we're not talking crappy Linksys routers, here.) MAC spoofing is rare, but also quite easy to block on the switch, long before any damning traffic occurred. Even if it isn't explicitly blocked, it would be a special case that would need to be handled when trying to identify the student, but it is by no means a dealbreaker.
Of course, if the student is running a wireless access point, you run into problems. This is why some universities don't allow wireless access points to be connected to the network (they can't outright ban them due to FCC regulations) and the university agreements almost universally state that traffic originating from the student's port is considered to be the student's liability.
ISPs (including universities) have valid reasons for wanting to be able to track people down. It's unfortunate that the ability to track people down means that they can give up their information when the RIAA comes subpoenaing.
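The lookup chain discussed in this part of the thread (IP and time to DHCP lease, lease to MAC, MAC to registered account), as an added example that is not from the thread or from any university's tooling. All records, addresses, account names and port labels are constructed; the point is that the output is a registered account plus caveats, not a person.

```python
from datetime import datetime

# Constructed sample records (not from any real network).
# DHCP leases: (lease start, lease end, IP, MAC)
LEASES = [
    ("2008-01-10 08:00", "2008-01-10 20:00", "10.20.4.17", "00:16:cb:aa:01:02"),
    ("2008-01-10 20:05", "2008-01-11 08:05", "10.20.4.17", "00:1b:63:bb:03:04"),
    ("2008-01-10 09:00", "2008-01-10 21:00", "10.20.4.99", "00:0d:93:cc:05:06"),
]
# Captive-portal registrations: MAC -> account that registered it
REGISTRATIONS = {
    "00:16:cb:aa:01:02": "student_a",
    "00:1b:63:bb:03:04": "student_b",
}
# Switch/AP sightings of a MAC: (time, MAC, port or access point)
SIGHTINGS = [
    ("2008-01-10 10:00", "00:16:cb:aa:01:02", "dorm-sw3/port12"),
    ("2008-01-10 14:30", "00:16:cb:aa:01:02", "library-ap7"),
    ("2008-01-10 22:00", "00:1b:63:bb:03:04", "dorm-sw1/port4"),
]

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

def attribute(ip, when):
    """Resolve (IP, time) to the account that registered the leased MAC.

    Returns the account name (or None) plus caveats that weaken the link
    between that account and whoever actually sent the traffic.
    """
    t = ts(when)
    result = {"ip": ip, "when": when, "mac": None, "account": None, "caveats": []}
    matches = [l for l in LEASES if l[2] == ip and ts(l[0]) <= t <= ts(l[1])]
    if not matches:
        result["caveats"].append("no DHCP lease covers this time")
        return result
    if len(matches) > 1:
        result["caveats"].append("overlapping leases for this IP")
        return result
    start, end, _, mac = matches[0]
    result["mac"] = mac
    result["account"] = REGISTRATIONS.get(mac)
    if result["account"] is None:
        result["caveats"].append("MAC was never registered to an account")
    # The same MAC on several ports during one lease may be a roaming laptop
    # or a second device presenting that address; the logs cannot tell which.
    ports = {p for (seen, m, p) in SIGHTINGS
             if m == mac and ts(start) <= ts(seen) <= ts(end)}
    if len(ports) > 1:
        result["caveats"].append(
            "MAC seen on multiple ports: " + ", ".join(sorted(ports)))
    return result

if __name__ == "__main__":
    for ip, when in [("10.20.4.17", "2008-01-10 15:00"),
                     ("10.20.4.17", "2008-01-10 20:02"),
                     ("10.20.4.99", "2008-01-10 12:00")]:
        print(attribute(ip, when))
```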
Re:Hunh? (Score:4, Informative)
At the University I went to, CU, the wifi was unsecured, aside from the MAC address check. Yes, I did have to register the MAC to me, but then the MAC address was broadcast in the open, and could easily be spoofed, which I have used in the past.
Agreed that over wired ethernet, it is much easier to prevent MAC spoofing, but what about wifi?
Re: (Score:3, Interesting)
It may be that high-end networking equipment can disable wireless connections originat
Re: (Score:1)
At my University, they certainly have you use your university username and password to sign on to the wireless network. At that time, it associates your IP address with your user ID and password, and probably your mac, and lets the IP address access the internet.
As the IP address is nothing special (no
Re: (Score:2)
Yes, it would be a problem which would require much more thought. Since 802.11(abgn) is a fairly chatty protocol, you could probably manage by having a fairly short timeout. With a minimal period of time during which a spoofer could act, you'd eliminate a lot of problems. Further, wireless networking cards can be profiled and identified, so you could add
Re: (Score:3, Insightful)
I don't know about every university, but every one that I've used the network on is basically totally open. Can't recall ever having to authenticate or do anything other than simply plug in and go. That's how it was in the dorms I lived in (albeit 6 or so years ago), as well as the public access points (libraries) of my and other nearby universities.
I have no doubt there are universities that do more, but I sure wouldn't assume that to be the case by default. In fact, I've been to more than one univers
Re: (Score:2)
I do think that ease of communication is inherently necessary to the educational process, but I don't think that anonymous communication necessarily is.
Re: (Score:2)
According to the local paper, The Herald-Dispatch (Herald-Disgrace to us locals) the subpoena was issued because Marshall had already turned some names in then stopped when other universities started challenging. The argument made was then if
Re: (Score:3, Insightful)
There's a chain of evidence which is used to get a person in many universities. It's the same way any ISP would track usage down to a specific user.
But not all universities are alike in how they structure their networks and allocate their resources. They are not even alike in how much resources they get. Marshall University is definitely one where costs are kept as low as they can get them. West Virginia is not one of the rich states.
Users are typically registered. Usually in universities, this is accomplished through a captive portal which records the MAC and username (authenticated with a password.) This ties the MAC to the user.
That would be so at that moment in time, no accounting for the issues involved with students using wireless over their dorm connections.
From there, it's trivial to tie the packets to the MAC--spoofing IP addresses is trivial on most networking equipment in use by universities (i.e. we're not talking crappy Linksys routers, here.) MAC spoofing is rare, but also quite easy to block on the switch, long before any damning traffic occurred.
It's not necessarily easy to block it, as that results in problems moving c
Re: (Score:3, Insightful)
Wait, what? How does this happen?
I mean, yes, it'd be somewhat more difficult if we're not on the same network, but there's always other networks, and wifi, on any sufficiently large campus. Besides, my understanding is that a switch can't know which nic actually "owns" that mac address, thus whoever had it first "wins" and gets the IP also.
And then, there's always the possibility of simply register
Re: (Score:2)
Makes sense...
This I don't get. Are you not allowed to move between networks?
See, I could physically plug my laptop into anywhere on campus, and expect it to work. Or I could turn on the wireless -- different mac address, but bound to the same username and IP -- and expect it to work.
But I didn't have to login every time. Therefore, someone else could easily have spoofed my
Re: (Score:2)
Users are typically registered. Usually in universities, this is accomplished through a captive portal which records the MAC and username (authenticated with a password.) This ties the MAC to the user. From there, it's trivial to tie the packets to the MAC--spoofing IP addresses is trivial on most networking equipment in use by universities (i.e. we're not talking crappy Linksys routers, here.) MAC spoofing is rare, but also quite easy to bloc
Re: (Score:3, Informative)
Students need to log into school servers to use school resources. The www proxy is often not under that umbrella. Try it. An Ubuntu live CD works fine for a zero fingerprint session. Boot, set the browser to use autoproxy, and surf. No login ID or fingerprints are left on the machine. BT and an external USB drive work fine.
Re: (Score:2)
Out of curiosity, how do you make the logical jump from recording the username and the MAC to tying the MAC to the user? At best, you can tie the MAC to the username because that is all you have recorded.
A username does not uniquely identify the actual user of a given system any more than an IP address would. I believe that your premise is false.
Re: (Score:1)
So you're saying they're like apples and oranges?
Re: (Score:2)
Unless every single connection from the computer was authenticated to the MUNET account, all you would know is that a MAC address is registered to a MUNET account, and that a specific IP was assigned to a given MAC address through DHCP.
What you don't know is if the owner of the MUNET account owned the device that was sending out that MAC address at that time, just that the owner of the MUNET's computer defaults to a specific MAC address.
Do any universities require an encrypted tunnel of some sort
Car analogy (Score:1)
The subpoena is to get the name of the person owning the car. However it doesn't prove who was driving it.
Also to note, that having the make, model, colour and license plate of the car doesn't actually mean the car belonged to someone or was in fact real. In fact, it could have all been faked.
As well, at
Re: (Score:3, Interesting)
If a gun is used in a crime, and you have a body and a bullet, then yeah, you can go and talk to him. And if he doesn't want to talk? He doesn't have to. Unless you arrest him, in which case he gets a lawyer, and you have to release him if you don't have at least some evidence he did something wrong that you can charge him with.
With these RIAA cases, we don't even have a *crime* here. Never mind a bullet. Yet the ISP (university) is expected to hand over contact information without so much as bli
Re: (Score:1)
Who says that an IP address can even be related to a specific computer, much less a person?
The universities. The standard at several universities I've visited is a MAC filtered wired (and wireless) network; you "register" your computer in connection to your school login/password, tying the MAC address (and therefore, the issued IP) directly to your account.
Since MAC addresses are spoofable, how can they be related to a specific person at all?
Exactly the problem, but that might not be taken into consideration in a courtroom.
Re: (Score:2)
"A significant part of this burden, however, stems from a mistaken belief that the University was required to determine who was 'using a given computer a given time'. By requiring plaintiffs to serve an amended subpoena making it clear that they seek only identifying information with respect to the person associated with the IP address at the date and time of the alleged infringing use, the perceived burden should be reduced."
Jeeze... Considering that an IP address is in all practical
Re: (Score:2)
I don't disagree with you. I think that the RIAA's approach is ridiculous. My point is that that isn't what the decision addressed. All it talks about is the question of whether the subpoena imposes an excessive burden on the university.
Go WVa (Score:2)
Where's NewYorkCountyLawyer? FTFA
Nice touch man.
Re:Go WVa (Score:4, Informative)
What did you think of the IT guy's affidavit? I felt it was a model of clarity, explaining to the judge that the RIAA doesn't have a case against these kids. The IT guy at the University of Arizona did a good job on that same issue [blogspot.com] but the school, like idiots, just caved in and turned over the information, ignoring the motion to quash [blogspot.com] which one of the students had filed.
Re: (Score:1)
Besides, French-Canadian women are hot and poutine is tasty. Maple syrup and French-Canadian women are both.
I like my Canada with Quebec in it.
411 (Score:3, Insightful)
What an idiotic impression. Even if it was a correct impression (how anyone who's done a hint of research on the situation could have that impression is beyond me...), I'd like to think that legal officials would discourage people from using the legal system as their publicly funded 411 service. This whole situation (the RIAA lawsuits as a whole) blows my mind more and more every day and not just because of how moronic the RIAA are. Sadly, they aren't the only idiots running around...
This is a shake down (Score:5, Insightful)
Re: (Score:2)
The RIAA damn well better intend to sue some students, or else why the hell are they wasting the courts' time with subpoenas?
I guess that means (Score:1)
MARSHALL
Add one to the list of respectable u.s. colleges (Score:2)
I Don't Get It (Score:3, Interesting)
But then there's this:
absent the identifying information from the university, plaintiffs simply cannot proceed with their lawsuit, establishes to the Court's satisfaction that Marshall University's obligation under the subpoena is not unduly burdensome.
That seems to make no logical sense at all. The judge seems to be saying that if Plaintiffs cannot proceed with their case otherwise, then there is no such thing as a subpoena that's too burdensome on non-party Marshall University.
Is this judge out of his freaking mind!!!
Re: (Score:2, Informative)
That seems to make no logical sense at all. The judge seems to be saying that if Plaintiffs cannot proceed with their case otherwise, then there is no such thing as a subpoena that's too burdensome on non-party Marshall University.
Is this judge out of his freaking mind!!!
You're correct that the notion that the plaintiff's ability to proceed or not should have little bearing on the decision of whether or not the subpoena is overly burdensome. You've left out the first half of the argument though, that it's not burdensome because it only requires the names and IP addresses. The judge seems at best guilty of poor (maybe even deceptive) wording here. I see nothing wrong with the actual basis for his decision though. I mean, how burdensome is it to cough up the info?
Seriousl
Re: (Score:2)
That wouldn't give the RIAA the information they're looking for. All the automatic logs attempt to do is match an IP address to a MAC (media access control) address on the remote device at the time in question. Who is the supposed owner of the equipment with that MAC address is in a second completely separate database, which contains most likely just student id num
Re:I Don't Get It (Score:5, Informative)
2. The university argued it can't identify the infringers, and spelled out in the IT guy's affidavit why it's impossible, without conducting an elaborate investigation.
3. The magistrate ruled 'they're not asking you for the identities of the infringers', they just want to know who's associated with the IP address.
4. He is apparently unaware of the RIAA equation, "whoever is associated with the IP address" = "the defendant" = "the infringer". He is assuming the RIAA lawyers conduct themselves like real lawyers.
Marshall University Challenges RIAA (Score:1)
Tomato, tomahto? (Score:2, Interesting)
Marshall argues
Ex
Re: (Score:2)
Exactly how is finding "the person associated with [an] IP address at [a] date and time" different from determining who was "using a given computer at a given time"?
The person using the computer, if he were using it to commit copyright infringement, is an infringer, while the person whose internet access account would not be. If it were my internet access, but you plugged your laptop in at my dorm room, and used it to infringe someone's copyright, you would be the infringer, and I would be blameless. But I would be the one the RIAA sues. The Magistrate doesn't realize what morons he's dealing with. Marshall's IT guy is aware.
Diet counsel for Universities (Score:2)
3 cheers for the WV AG (Score:2)
Re: (Score:3, Insightful)
And I'm not very bright.
What's the RIAA's ROI (Score:1)
Round Robin DNS (Score:1)
The point really is (Score:2)
If you can't connect a "person" with an "action" in any way, then "actions" have no consequences any longer. You can use all the hand-waving you want, but that is what it comes down to. Either someone is responsible, or nobody is.
Today, ISPs shielding customers means pretty much that nobody is ever responsible. Unless you brag or otherwise spill the beans, whatever you do online can never be traced to a person,
Re: (Score:2)
No one with a technical background ever claimed that an IP or MAC was traceable to a computer. I remember configuring NetWare IPX clients in 1994 and being able to configure an arbitrary MAC address. I've been working with NAT forever and NAT breaks the IP to client relati
Re: (Score:1)
If only I had not already replied in this thread..mod this reply up.
Advocating some kind of secure, global authentication scheme might be completely insane, wildly expensive, difficult to maintain and always capable of being circumvented, but if that is what you feel is best,
My School Just Got Targeted by the RIAA (Score:2, Interesting)
E-mail is as follows:
Students,
Be advised that the University has recently received several copyright infringement notices from the RIAA and SafeNet DMCA.
Each individual RI
For the Record... (Score:1)
http://users.marshall.edu/~fox/
Where to next? (Score:1)
Would the RIAA sue its own members?
The RIAA should sue itself for being this stupid.
---
My html sucks and I don't give a damn.
Re: (Score:1, Troll)
That's American Politics in a nutshell.
Re: (Score:1)
I'm just saying that were I to get sued by the RIAA a year ago, I'd have been guilty. Now I have cleaned up my act... Helps though that the majority of music I download comes from Europe so I have a small percentage of files from an RIAA label, nor did I ever upload music, nor do I purchase music from RIAA labels (unless the album is worth it). That way I can breathe a li
Re:And even after all the years of these articles. (Score:5, Interesting)
A music thief is someone who steals CDs from Best Buy. A music thief is also someone who scams a recording artist he's signed a contract with out of all his royalties, like the music industry has done time and again.
Which label do you work for again, Mr. Cpward? Sony-BMG? If so, there's a special place in hell for you.
Re: (Score:2)
Sincerely,
B.L. Zebub
Re: (Score:2)
Second, while I dislike the comparison of copyright infringement to thievery, it is nonetheless illegal. It is likely less immoral, but that's not a judgement call that the government should be making.
Re: (Score:2)
Somebody bought a copy and uploaded it. If they downloaded it and then uploaded it then it's already there.
Second, while I dislike the comparison of copyright infringement to thievery, it is nonetheless illegal.
So is rape, but I don't think you would say that copyright infringement is rape.
Re:And even after all the years of these arti SUX! (Score:3, Interesting)
And the punishment (fines) for stealing that physical CD from Best Buy is one to several hundred times less than the statutory damages asked for and allowed under law ($750 to $150,000 PER TRACK) for online copyright infringement. Tell me how that makes any sense!
And the recording industry is lobbying hard to RAISE those statutory damage limits EVEN HIGHER.
I'm sorry, but they have an overly exaggerated view of the true value of their product.
Re: (Score:2)
The thing is, shoplifting and copyright infringement are very different- copyright infringement isn't a crime, to start with. The punishments should be different, and the punishments for copyright infringement can be only monetary and equitable relief.
Re: (Score:2)
BINGO! Like I said (and like I believe the comment between yours and mine said), copyright infringement isn't stealing, and the penalties are way out of whack; a small fine or community service for shoplifting (although repeat offenders will see the inside of a jail) for the criminal act of stealing, vs tens of thousands in civil costs for copyright infringement.
Re: (Score:2)
Civil copyright infringement, by necessity, can only provide for equitable and monetary relief; that is, the court can only order that the infringer stop or pay fines (or both).
However, that said, in many ways, civil copyright infringement can be far more damaging than mere theft. Theft of a CD is a fairly minimal occurrence which perhaps costs the store in direct costs ten dollars; copyright infr
Re: (Score:2)
Now mod this one troll as well.