Check out Joe Malchow’s article about the RIAA’s internet extortion scam against American students at colleges and universities:
Earlier this week Bloomberg reported (the story is below this post) that record companies have let loose on colleges and universities another barrage of extortion letters, each demanding around $5,000 from students. 405 of these “pre-litigation†letters went out; they were addressed to students who, the companies claim, illegally downloaded copyrighted material. As Bloomberg notesâ€â€and as an e-mail to students from Dartmouth Dean of the College Dan Nelson confirmed just a few days agoâ€â€Dartmouth has been targeted, eleven such letters having recently been received.
Mr. Nelson explains it this way:
Our goal is to share information with you so that you can avoid such a situation and also so that you understand the role of the College in this process.
When the RIAA identifies an apparently unlawful file-sharing transaction conducted via the College computer network, they send a letter to the College identifying the IP address and date/time of the transaction and asking the College to forward the letter to the student to whom the IP address is registered. The letter invites the student to contact the RIAA to negotiate a settlement at a “substantially discounted†rate before a lawsuit is filed. The average settlement is generally around $3,000-$5,000. Students must respond within 20 days of receiving the letter for the lawsuit to be dismissed.
That is probably how the process is explained to every college dean from sea to shining sea. But there seem to be about a thousand things wrong with this account, from a technological point of view.
One is the identification of IP addresses in the first place. They are not secret things at all (yours is 75.69.189.177) but illegal music downloading takes place almost exclusively through peer to peer connections, which means that the computer of one party is directly connected to the computer of the other party. It is not as though Illegal Music, Inc. is selling wrongly-made copies of music files and the Recording Industry Association of America has gained access to its customer list. Illegal transfer takes place between two individuals. Since that is the case, how could one’s IP address be learned?
Read the rest, and if you have network expertise, please advise. I think that there may be a class-action suit in this.
I think Dart guy has it backward here – the RIAA targets by virtue of files being shared, not downloaded. (In many file-sharing programs, downloaded portions of files being downloaded are being shared as the download is in progress.)
Um, I think. On reflection, I didn’t go to like Dartmouth. I’ll stop talking now.
If you want to see all the devices in your “direct connection” use tracert in a Windows command prompt:
At every one of these locations the ip address must be noted to route the ip packet. I don’t know the law but its technically possible to record (save) packets at any of these places. #15 didn’t respond to an ICMP tracert request so that could be the RIAA router. If you’re feelin paranoid.
I will now reset my DSL modem to get a different ip address. Look at how much the transmission speeds up once it gets out of my house.
It’s likely most organizations keep a log of when specific machines (identified by the “MAC address”, the hardware equivalent of an IP and unique to each ethernet adapter) had specific addresses. They’d need this to identify security problems (hackers) and to assist law enforcement if necessary.
Of course, there’s no guarantee the organization can link a MAC address to a specific owner, particularly if they’re providing wireless access.
Well, you’re still logging into an *account* to get access no? So easy enough to tie the *MAC* to an *account* with an *IP*. You know, like in a hotel… the connection is just more persistent in a dorm. I think. I should go see if my clothes are dry.
Happyfeet, you’ve got it right. They take a hacked version of the client, go out and see who is sharing song files.
Problems include people with open wireless access points, institutions (Most notably U Nebraska) that don’t keep DHCP logs long enough to suit the RIAA, and the problems of identifying an infringing file by the name.
I work at a large University, and we’ve had some exposure to this issue.
If you make one of those Pringles can antenna’s and cruise the streets with your laptop until you find an unprotected wireless home, then you can share music files with no worry about your ip address. When the ISP is subpoenaed, they will point to the homeowner, not you. But your MAC address may be saved somewhere so if you’re busted and your laptop is ever checked …
Nah, no worries. Just don’t get arrested for loitering. Or mopery.
But MAC addresses are trivially changed, and are not guaranteed to be unique.
Most of the crap being produced by the music industry these days, they should be paying me to listen to it.
So I guess I am the last person in the world who buys CDs and rips songs from them?
As one of the many musicians who got ground up in the machine, it gives me great pleasure to watch it crash to the ground, thrashing about in its death throes.
nope. and I almost always buy them used. heck, my current project is converting all my vinyl to mp3.
As a photographer who has argued copyright law with friends and clients, I’ve illegally downloaded way too much music which should be under the same copyright protection as the photographic images that are my livelihood.
I’m a big hypocrite on this one, but like Matt Esq. says… so much of the music out there is crud.
So much of my downloading has been about digitally replacing stuff that I have on records, tapes and sometimes even vhs.
You mentioned the possibility of a class-action lawsuit. With the element of extortion present, how about the RICO statute?
Songs are .99 cents a pop on iTunes.
Fight the man!
It’s really hard for me to get worked up over some poor(?) college kids getting hassled by an artist’s rights group. What is the RIAA supposed to do? Shrug their shoulders and say, “Oh well, those precocious college kids really want our clients music for nothing. I guess we just have to let them have it since these intertubes are so tricky.â€Â
If Elvis were alive today he’d be karate choppin every DSLAM’n Central Office his limo came across.
Nope. This is basically the same scheme Microsoft used in ‘99 to try and force companies into one of its enterprise licensing deals. Back then a company would buy a “network copy” of some software that had maybe 25 concurrent users licensed, as more and more people got PC’s the IT guys typically installed a bunch of software that was sitting out on the install drive directly on the end user’s PC, violating the license. MS had a record of the number of lics purchased, your local Chamber of Commerce or business directory had the approximate number of employees in your company and never the twain shall meet. So MS had a third party send out letters just like this.
It’s not that you couldn’t prove compliance, it’s the cost of proving compliance.
Now as far as IP addresses go and file sharing:
Dartmouth has a range of IP addresses assigned to any number of its registered domains: for example
Non-authoritative answer:
Name: dartmouth.edu
Addresses: 129.170.17.94, 129.170.16.106
If an ip from that range is on a P2P network and sharing or downloading copyrighted material,it’s not too tough to figure out what machine it is, even in Windows if you’ve got an active connection and the other guy hasn’t taken any precautions. Even better if he’s always on and basically running a server. If I can get on your network, even better.
Another example from my home network:
Pinging eoin [192.168.2.2] with 32 bytes of data:
Reply from 192.168.2.2: bytes=32 time<10ms TTL=64
Reply from 192.168.2.2: bytes=32 time<10ms TTL=64
Reply from 192.168.2.2: bytes=32 time<10ms TTL=64
Reply from 192.168.2.2: bytes=32 time<10ms TTL=64
Ping statistics for 192.168.2.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\>arp -a
Interface: 192.168.2.102 on Interface 0x1000003
Internet Address Physical Address Type
192.168.2.1 This one is redacted dynamic
192.168.2.2 00-50-04-94-09-83 dynamic
Physical address is the MAC address.
So, you can see that I can see the mac for 2 other NICs on my home network. There are all sorts of programs out there that can do this better and I’m sure If I can find the address of your router, given enough time I could proably hack the ARP table.
Keep in mind that this is really only for LAN connected computers, but if I’m an invesigator, say, and I have a laptop, I can go to a U and connect to a wireless network anywhere and fire up Bittorrent and catch a few local addresses. The U is hoping, probably against hop, that it has no log data.
You can turn a lot of this off and you can use a proxy to protect yourself, you can use a tool like (don’t want to get Jeff mad at me so I deleted that) to block known bad ip’s from your file sharing program. But that’s just you. Think about it, how many students go to Dartmouth? How many of them do you think have downloaded a torrent of some new crap albumn? A lot, proably and the RIAA has evidence that 11 did. So think about it. If you’re Dartmouth. You’ve got 11 known abusers on your network. They’ve been offered a settlement. If they don’t settle, could the RIAA force an ediscovery supeona (I’ll never, ever spell that correctly) on you? Think about it, did those kids have email administered by the school? Did they have a network share? Access to other computers?
If you’re smart, you pressure the kids to go for a negotiated settlement then you have your IT staff throttle file sharing protocols. People will still do it, but it will be painful on the University network and they’ll end up downloading season 2 of the Office from a freinds DSL in their off-campus apartment. The network will eventually fade out as the big fat pipes dry up.
You can still buy cassettes, like we did in the old days, only now you can filter out the tape noise.
I vote for: Come up with a pricing model more sophisticated than that of the average street handjob whore?
Hmmm.
That actually is a violation of federal law and a chargeable felony. Particularly if the investigator was actually stupid enough to testify about it in a court of law and under oath.
Another point to consider:
How timely are the letters from the RIAA? If they’re sending letters for file sharing that happened during a semester then identification should be straightforward. If they’re sending letters for something that happened a couple years ago, I think that might be a little more difficult.
How exactlly? That doesn’t make sense to me. If I connect to a free, public, open access network and fire up a bittorrent client, I can see the ip addresses of each peer that I connect to, the ones that upload from me and the ones that I’m downloading from. All of that info is freely given.
If I put an expensive watch on my front porch and a guy drives up and steals it, is it a felony to give the police his license plate number?
Hacking the table is different, granted, but asking for the id of any computer that directly connects to yours should be SOP. What if I have a print server running on my laptop and I connect to free WiFi in a park, If I decide to use MAC filtering to limit access to my own devices, would it be a felony for my system to query the arp table when someone tries to access me? Would it be a felony for me to log it?
Let me ask you another, related question. What about anti-spam tools that check for open mail relays? What about real-time black holes? If I access your mail system to see if I can spoof mail off of it, and then I put that ip on a list that I then sell, is that a felony?
Because I have a university connection, I have a bit of inside knowledge about this.
From what I understand, some universities simply tell the RIAA to go pound sand in response to these extortion letters.
In most other cases, the RIAA isn’t likely to find the PC they’re looking for as long as the university doesn’t roll over and play dead for them.
Even if the RIAA can glean the machine’s private IP, unless the university provides some sort of logs to make a correlation between a particular PC, that private IP, and the university’s public NATted IP, along with something that actually identifies the machine’s user, the RIAA is SOL. Even a subpoena is useless if the university deletes the logs that might make one or more of those connections, which I’m told many of them do, for space reasons if nothing else.
So it’s hard to imagine how the RIAA would get anything that would stand up in court if they can’t prove that Joe Student was logged onto a computer that had x.x.x.x IP address on the abcuniversity.edu network at a specific time and date.
nope. and I almost always buy them used. heck, my current project is converting all my vinyl to mp3.
That’s what I’m doing, it takes a while but its pretty nice to have a copy of those old records, especially since a lot of the ones I and my brother have aren’t being made into CDs.
So, what if you own the record, but download a CD quality version of the song? Is that piracy or just cleaning up your current copy? Is making a computer stored copy and a CD of a record copyright violation?
Depends on the judge.
What’s even more frightening is that the ediscovery rules that went into effect in Dec could be used to define your logs as business records, especially if you are in the business of providing access to the internet through your routers.
Hmmm.
Because it’s a violation of federal, and probably state, law to hook up a computer to a wireless network without permission. It doesn’t matter if the public can access it without requiring explicit sign-ons. You are required, as a computer owner, to explicitly not log into wireless networks to which you do not have explicit access.
Computer Fraud and Abuse Act
Florida man charged with felony for wardriving
…
*shrug* perhaps I mis-read the following:
To me this quote is talking about going to a university and using a University-owned wireless access point, i.e. within the University’s network, in order to capture the internal IP addresses. This would give the investigator the correct IP addresses in order to track down the violating computers. If the investigator is using a non-University wireless access point then the investigator would have to deal with NAT’d IP addresses, i.e. translated, which means digging through logs and so requiring court orders for the University to cough them up.
If this isn’t what is meant, then there’s no actual point to “I can go to a U” as the only reason for “go to a U” would be to use the University’s network.
So my point, which might be due to my mis-reading of the original point, is that any investigator that tries to use the University’s own network to pursue students that use bittorrent would be violating the law. If the University’s network isn’t being used, i.e. all access is outside the network, then no problem.
Did I explain myself fully?
You’re perfectly clear, but I’m not talking about wardriving.
I’m the one who wasn’t being real clear. In the original post I was talking more about how it’s done, in the second post I’m talking about access to an open and public network.
So your second point closer to my original point. If I had a longer attention span there probably would have been a post in between explaining the first post and leading up to the second. And I’m sure there was, but instead of typing it I probably just muttered it to myself as I finished the collage of masonic symbols cut from the pages of the Victoria’s Secret catalogue.
But that probably depends on how you define business. Since they all seem to be on the public teat these days, and usually looking for ways to suckle harder, I’d have to say the typical university is not a business. I’d further say that they are not, unlike an ISP, in the business of providing internet access (that would also be true of a great number of actual businesses).
Some judges might be persuaded to issue subpoenas, but if the records are gone prior to the discovery request as part of normal system operation, it doesn’t do much good. Under the new eDiscovery rules they might be in trouble if they went back and deleted things after being served, though.