2

Seeing this question : How can alleged illegal downloading be detected? sparked a question I have had for a long time.

How does repudiation/non-repudiation work in such cases ?

Argument: It is known that violators are determined from Peer-lists of popular torrents and are reported to ISPs which in turn may send a notice. In extreme cases, we have read stories such as a person being reprimanded and heavily fined for p2p use.

How can one determine with absolute certainity that a particular PC/user in a network was involved in the sharing violation. I don't see any way to prove that especially in an environment where there are numerous computers behind a public IP.

Also, one could repudiate that an individual's wireless AP was shared between various people in the vicinity that anyone could have been part of it.

If this is the case, what information can be obtained to isolate an individual from a network and pin-point that individual as a pirate ?

A link to a recent ruling by a judge in Florida : http://torrentfreak.com/ip-address-not-person-140324/

Community
  • 1
sudhacker
  • 4,260
  • 5
  • 23
  • 34
  • 3
    Just pass a law that the owner of the connection is responsible and fine him. ez – CodesInChaos Oct 26 '12 at 15:02
  • IIRC at least in the US, you are responsible for your wireless AP. Meaning, if someone uses your free wifi to do illegal stuff, it's on you. One more reason to secure it. – Null Oct 26 '12 at 15:06
  • 1
    @CodesInChaos they did this in Germany... now only big coffee chains can offer free wifi. Users register for free wifi with a mobile phone. The service is apparently expensive (compared to just sticking up an AP). – mgjk Oct 26 '12 at 15:13
  • 1
    @Null: Open Wifi is not negligence in the USA right now: https://www.eff.org/deeplinks/2012/07/judge-copyright-troll-cant-bully-internet-subscriber-bogus-legal-theory – Bruce Ediger Oct 26 '12 at 15:16
  • 1
    @CodesInChaos: "Pass a law that the owner of the connection is responsible" -Works for corporate/public WiFi's. Would you be OK if you are fined since your negligent room-mate downloaded/shared copyright material ? – sudhacker Oct 26 '12 at 16:17
  • 1
    @-asudhak You have someone to fine. Problem solved. Who cares about evidence, due process and all that crap. @mgjk I'm from Germany, so yes I know about "Störerhaftung". Great legislation here... – CodesInChaos Oct 26 '12 at 16:37
  • @CodesInChaos factually accurate but s/Great/Orwellian/ . – mgjk Oct 26 '12 at 17:06
  • "Laws do not persuade just because they threaten." The Roman orator Seneca said that sometime before 65 AD. I don't think the human situation has changed much. – Bruce Ediger Oct 26 '12 at 18:57
  • @CodesInChaos/@Null: then if the individual is liable for their lack of knowledge/action then surely *anyone* whose hardware propogates any sort of malware is similarly responsible for the consequences. – symcbean Oct 29 '12 at 13:41
  • @symcbean Complicated and jurisdiction dependent. I'd guess that if you used appropriate countermeasures (Anti-Virus+Firewall) and still get infected the liabilities will be limited. – CodesInChaos Oct 29 '12 at 14:04

3 Answers3

1

As far as legally equating an IP address to a person, that's gone both ways in the USA. The USA Supreme court hasn't ruled, so anything is possible. I suppose that in the Axiomatic System of the US Legal system, you could equate an IP address and a person, but in the Real World, you are correct. Such identification is going to turn out false in some cases. For instance, some people have spoofed the system, causing their printers to be implicated in file sharing.

Just as an aside, I think it's a bad idea to put things that come up false, or can be made to come up false on demand, into an axiomatic system. Theoretically, that lets you prove any theorem of the axiomatic system. Disaster for the US legal system.

Bruce Ediger
  • 4,552
  • 2
  • 25
  • 26
0

On technical grounds, there is no way to know short of requiring that everyone "log in" to the internet with a private code they are responsible to keep secure. (For the record, this is a horrible idea as it is also not technically possible for a person to know everything their computer may do while they are on it. Zombie bots for example would make their owner legally responsible for the spam generated in that case.) Otherwise, even if you can track something down to the MAC level of a computer, you have no idea who was actually using it for a given purpose if more than one person has access to the machine.

That doesn't mean legally they might not hold someone responsible who wasn't involved, but there isn't currently a technical mechanism for linking it to an individual person.

AJ Henderson
  • 41,816
  • 5
  • 63
  • 110
0

How does repudiation/non-repudiation work in such cases ?

As a legal matter it depends on the jurisdiction for standards of definition and process for reaching a finding.

In a simple technical or logical sense you need to connect evidence with an individual. I believe in many similar US court cases this is done either by precedence or admission.

First you must have evidence of an illegal act. In this case the charge is copyright violation, and the evidence is electronic monitoring of a device on a network advertising files for download. The files advertised by the device include audio recordings protected by US copyright laws. The identity of the audio recordings may be confirmed by downloading the files from the device and either listening to them or digitally comparing the file to the original recording.

The next step is to attempt to uniquely identify the device. This is usually done by IP number. As noted by the original poster, there are problems with using IP addresses for identity. However is most cases, where the user of the device is unsophisticated and has not attempted to spoof, obscure, or obfuscate the IP address, this is a moderately good means of identifying a device.

The next step is the hardest to prove conclusively, but may, depending on standards of evidence, be easier to prove in court. That is who caused the network device to share the audio recordings? This requires chaining identity from the IP address to the device to the individual.

For casual repudiation all the individual needs to do is break one link in the chain from IP to device to individual. The required strength of the repudiation argument depends on the evaluator of the argument. In legal matters this would be a magistrate or jury.

The link from device to individual may be hard to prove. If the device is in a location where multiple individuals have physical access to the device a plausible argument may be made that any of the individuals with physical access caused the device to advertise the copyrighted material.

Likewise the link from IP address to device may be difficult to prove as spoofing IP addresses and listening for IP traffic destined for other IP addresses is trivial to do. Again the requirements for this argument depend on who is the evaluator of the argument.

I suspect in most of the legal matters the injured party (the copyright owners) use a slight amount of technical information and intimidation to coerce the alleged infringer to admit to the illegal act. I suspect if the alleged infringer was uncooperative and had a barrister to represent them that proving the links to identify the individual would be difficult to prove in a legal setting.

this.josh
  • 8,843
  • 2
  • 29
  • 51