Latest on the RIAA and Copyright Infringement

By Kris Plunkett at 9:24 pm on February 2, 2008 | 1 Comment

(article) The RIAA is trying to push the PRO-IP bill through Congress, which would grant them more protection under copyright law, including the ability to sue even more for illegal copying of media. Thought $9,000 per song was too much? Try $1.5 million per CD…

(article1) (article2) The Motion Picture Association of America and the International Federation of the Phonographic Industry, among other media giants, are backing Sweden’s decision to charge the individuals responsible for running a public torrent site known as “The Pirate Bay”. The charge is accessory and conspiracy to break copyright law. Many think the charges have no grounds, but even if they lose the trial, according to them, the site isn’t going anywhere.

(article) Since September, when the RIAA lost the Interscope vs. Rodriguez case because of lack of evidence supporting their complaint, the association has attempted to add more details to their case; most notably the IP address connected with the alleged offender. Many believe that this isn’t good enough either.

I would like to expand upon this last bit, which happens to be directly connected to computer security. The question is whether or not an IP address is indeed enough to associate a given instance of illegal file sharing with the individual doing the sharing. The general consensus is no, and there are many reasons for it. The most obvious scenario is one in which the user is behind a SNAT (Source Network Address Translation), meaning that a single global IP address is shared among multiple users. Outbound connections are translated by the router from a local IP address to the shared address and then sent out. Because of this system, it is impossible to externally discover which local computer is responsible for a given exchange based strictly on the global IP address. Moreover, the only networking related data that could possible make such a connection lives on the router, which it uses to demultiplex inbound packets to the appropriate client. This information changes frequently and in high volumes and is thus not permanently logged on the device. Thus, the only way to isolate a single local client behind a SNAT is through some higher level information such as cookies or other application data. The RIAA, however, is trying to make due solely with the global IP address as evidence.

Not all file sharers, however, use machines that are behind routers that SNAT outbound connections. Some connect their computer directly to their high-speed modems meaning that the global IP is uniquely connected to that one device. It is still argued that the IP address is not sufficient to connect the activity on a computer with any individual. The fact is that an IP address is connected with an electronic device and not a person. In the lower networking layers, an IP address is tied to the unique MAC address of a computer’s network interface, meaning that an IP address can only be tied to that device. It may very well be the case that someone besides the device’s regular user is actually doing the file sharing. This could be another flesh-and-blood individual, a hacker who has compromised that computer, or (perhaps most likely) a piece of malware. Common sense naturally dictates that, in most such cases, it is the computer’s owner who is doing the file sharing. However, I feel enough doubt could easily be injected into a case to make that not hold up in court. My guess is that the RIAA will have to work a little harder.

Filed under: Current Events1 Comment »

1 Comment

  • 1
    Get your own gravatar for comments by visiting gravatar.com

    Comment by diademed

    February 3, 2008 @ 11:09 pm

    The problem with this, as with many cases in the technology field is that a ‘jury of your peers’ is far less true than it might sound. A case of this technical nature falls just as many others do, to a sampling of United States residents, indiscriminate of race, occupation, or knowledge. While expert witnesses are almost universally called, the fact remains that it often lies with the ‘layman’ to decide what is sufficient, and what isn’t; not experts in the technology field.

    An example given in a security class I took through the Information school told of a case where the expert witnessed testified to an inaccurate definition of a gigabyte, proving the impossibility of the actions of one party, and part case rested on this evidence. An average American is simply unlikely to know what a SNAT is, or even what an IP address represents, besides some numbers associated with a computer.

    I think part of the RIAA’s ‘success’ comes from pouring incredible amounts of money into building the cases from scratch, and providing their ‘settle your case online’ service. Their mission isn’t necessarily to convict all breakers of copyright law, but to make it not worth the risk. Certainly an average college student that makes a habit of downloading music has reason to think twice, especially with the new PRO-IP bill coming out. I for one cannot imagine how it made it’s way onto the congress floor, much less be seriously considered as reasonable.

RSS feed for comments on this post