About | Buy | Forum | Industry Watch | Learning Curve | Products | Search | Twitter | Xnews
Home » Learning Curve » Red Hat Diaries

How Lucky Do You Feel?

Do you have enough money? By Mack Diesel.


Buy It

Try It

The MAFIAA are victorious in Round 2 of the Jammie Thomas debacle, awarding the record labels a jaw-dropping $1.92M for the alleged sharing of 24 songs.

That's $80,000 per song for those too lazy to do the math. Decided by her 'peers'. How they sleep at night is up for debate.

Let's put aside the fact that she hired a Lionel Hutz to represent her, she couldn't get her stories straight over her hard drives, and that she had 1700 songs on her drive, which is not even a sizable collection.

The MAFIAA had her MAC address as her box was directly connected to her cable connection with no router in between (idiot). With her Windows box exposed to the net in such a way, what is to stop someone from pwning her machine, use it as a proxy, and let's say be a little devious with it by sharing... oh 24 songs (or 1700; take your pick)? How does a MAC address tell you who was actually sitting in the chair? Let's say there was a router. 'We have your IP!!11' OK. Which box on the subnet did it? How do you prove who was the alleged infringer when all you have is a gateway IP address?

The hard drive debacle was a huge turning point in the case. Normally, HDD replacement involves sending the old one back. But let's say that she did have the old HDD and forensics showed that the files weren't there. MAFIAA lawyers then shout, 'BUT YOU DELETED THE SONGS!' Who is the jury going to believe? How much $$$ are you willing to bet? $5000 vs. nearly $2M?

Let's say the defense argues that if the songs were deleted, forensics would show it. But the songs weren't there to begin with. Yet, let's say she had copies of Eraser and Truecrypt on her drive. Oops. The MAFIAA's lawyers then argue, 'A-ha! The songs weren't there because she either used Eraser to wipe her tracks or Truecrypt to hide them!'

Who is the jury going to believe?



Now let's move onto another hypothetical example.

Seven people live under one roof. The network is wireless-based and four computers are up and connected. Two friends come over with their laptops for a grand total of six machines on the network. One of those friends sets up the network for the family but was a total boob and did not password-protect it. The eldest member of the family is the person billed by the ISP and knows next to nothing about computers.

All of the machines are fully patched and some of them have Truecrypt installed. All of them are capable of performing 7 or 35 pass (Gutmann) shreds.

There is a shitload of music on this network - some of it badly tagged, some of it ripped from CDs, some of it downloaded from P2P, some of it purchased on iTunes, Amazon, and Beatport, some of it was free promotional downloads, and others were entire DJ sets. There is no way to really audit all of the music as iTunes does a crappy job when it comes to ID3 tag management. The files are all over the place. And let's not forget the fact that there are many people living in this house, so there is a very high likelihood of multiple accounts on each computer with their own music libraries and activities. There is probably a P2P app or two somewhere in all of this.

The neighbourhood is also not a great one and there are a lot of wardrivers.

Let's say a wardriver pulls up and leeches off of the network. Like the boob he is he has an unpatched Windows laptop and is using the latest P2P fad with sharing enabled by default because he's too ignorant to dive into his preferences before downloading away. He decides to snag a few songs while he has about 25 of the latest bubble-gum pop 'hits' in his share folder for the taking. MediaSentry finds out. However, the wardriver is already long gone.

Days later, the eldest member of the family receives an infringement notice from the MAFIAA, claiming that his IP address was used to illegally download and share files. They send him a report showing the IP address at the time of the alleged infringement as well as confirmation from his ISP that it was him. They offer to settle for $5000 or go to court and sue for much larger penalties. He has no idea what any of this means and has to have one of the other family members explain it to him. He thinks it's bullshit and decides to fight.

$5000 vs. potentially $2M. How lucky does he feel? And let's not forget that every HDD in the house is fair game. The MAFIAA would have a field day. Go back and reread the scenario if you have to. Think about it.

Now let's change one part and say that the boob who set up the network used a weak 128-bit WEP password. WEP is usually the default protocol and people and places say it's 'good enough' to keep the leechers out.

This time, however, our wardriver has his cracking tools and manages to crack the WEP password in mere minutes (since it's stupidly simple). Again, 25 songs and MediaSentry finds out. The wardriver is again long gone and the eldest member of the household gets the notice.

How lucky does he feel? What price will he pay to prove his innocence? Especially since the MAFIAA has been known to sue dead people, grandmothers, and 12-year-olds?

More than likely, his 'peers' on the jury will know next to nothing about networking, let alone computers except the Windows Start menu, Internet Explorer, and Word.

How lucky does he feel?



Lastly, let's say that you don't have any P2P software on your machine. The MAFIAA comes knocking with an infringement letter claiming that your IP address was used to share files. They send you a report from MediaSentry along with verification of your IP address from your ISP at the time of the alleged infringement. You live alone, have the only computer in your flat, don't share files, and if you did, you know how to cover your tracks.

Are you willing to bet $5000 vs. $2M on proving your innocence to a bunch of 'peers' who don't know jack shit about networking, let alone computers? Are you willing to roll the dice? How lucky do you feel?

This woman was convicted not once but *twice* on shoddy evidence and a shoddy defense. The initial judgement of $220K was enough to make heads spin - but ten times the amount this time around? For songs that at most are $1 each to download?

The precedence set by this case is truly fucking frightening. If the MAFIAA comes knocking, you had better hope that your jury isn't made up of incompetent boobs.
 - Mack Diesel

Mack Diesel is a technology writer who uses both Mac OS X, Ubuntu, and open source in general.

See Also
MAFIAA: RIAA and MPAA Merger Announcement
Hall of Monkeys: Cara Duckworth, Hilary Rosen, Elizabeth Birch

About | Buy | Forum | Industry Watch | Learning Curve | Products | Search | Twitter | Xnews
Copyright © Rixstep. All rights reserved.