{"id":93,"date":"2008-02-02T21:24:37","date_gmt":"2008-02-03T05:24:37","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/2008\/02\/02\/latest-on-the-riaa-and-copyright-enfringement\/"},"modified":"2008-02-03T21:08:54","modified_gmt":"2008-02-04T05:08:54","slug":"latest-on-the-riaa-and-copyright-enfringement","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2008\/02\/02\/latest-on-the-riaa-and-copyright-enfringement\/","title":{"rendered":"Latest on the RIAA and Copyright Infringement"},"content":{"rendered":"

(article<\/a>) The RIAA is trying to push the PRO-IP bill through Congress, which would grant them more protection under copyright law, including the ability to sue even more for illegal copying of media. Thought $9,000 per song was too much? Try $1.5 million per CD…<\/p>\n

(article1<\/a>) (article2<\/a>) The Motion Picture Association of America and the International Federation of the Phonographic Industry, among other media giants, are backing Sweden’s decision to charge the individuals responsible for running a public torrent site known as “The Pirate Bay”. The charge is accessory and conspiracy to break copyright law. Many think the charges have no grounds, but even if they lose the trial, according to them, the site isn’t going anywhere.<\/p>\n

(article<\/a>) Since September, when the RIAA lost the Interscope vs. Rodriguez case because of lack of evidence supporting their complaint, the association has attempted to add more details to their case; most notably the IP address connected with the alleged offender. Many believe that this isn’t good enough either.<\/p>\n

I would like to expand upon this last bit, which happens to be directly connected to computer security. The question is whether or not an IP address is indeed enough to associate a given instance of illegal file sharing with the individual doing the sharing. The general consensus is no, and there are many reasons for it. The most obvious scenario is one in which the user is behind a SNAT (Source Network Address Translation), meaning that a single global IP address is shared among multiple users. Outbound connections are translated by the router from a local IP address to the shared address and then sent out. Because of this system, it is impossible to externally discover which local computer is responsible for a given exchange based strictly on the global IP address. Moreover, the only networking related data that could possible make such a connection lives on the router, which it uses to demultiplex inbound packets to the appropriate client. This information changes frequently and in high volumes and is thus not permanently logged on the device. Thus, the only way to isolate a single local client behind a SNAT is through some higher level information such as cookies or other application data. The RIAA, however, is trying to make due solely with the global IP address as evidence.<\/p>\n

Not all file sharers, however, use machines that are behind routers that SNAT outbound connections. Some connect their computer directly to their high-speed modems meaning that the global IP is uniquely connected to that one device. It is still argued that the IP address is not sufficient to connect the activity on a computer with any individual. The fact is that an IP address is connected with an electronic device and not a person. In the lower networking layers, an IP address is tied to the unique MAC address of a computer’s network interface, meaning that an IP address can only be tied to that device. It may very well be the case that someone besides the device’s regular user is actually doing the file sharing. This could be another flesh-and-blood individual, a hacker who has compromised that computer, or (perhaps most likely) a piece of malware. Common sense naturally dictates that, in most such cases, it is the computer’s owner who is doing the file sharing. However, I feel enough doubt could easily be injected into a case to make that not hold up in court. My guess is that the RIAA will have to work a little harder.<\/p>\n","protected":false},"excerpt":{"rendered":"

(article) The RIAA is trying to push the PRO-IP bill through Congress, which would grant them more protection under copyright law, including the ability to sue even more for illegal copying of media. Thought $9,000 per song was too much? … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":18,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-93","post","type-post","status-publish","format-standard","hentry","category-current-events"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/93","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/18"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=93"}],"version-history":[{"count":0,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/93\/revisions"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=93"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=93"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=93"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}