
US Court of Appeals: An IP address isn't enough to identify a pirate - ohjeez
https://www.techspot.com/news/76190-us-court-appeals-ip-address-isnt-enough-identify.html
======
notafraudster
The court holds that the plaintiff must demonstrate reasonable evidence the
defendant was the person using the computer.

In this particular case, the defendant ran what amounts to lodging, was
deposed, and it was immediately figured out it wasn't him. The complicating
factor is that because his lodging was medical in nature, he was not able to
hand over guest information.

I mention this context because it's unlikely you would be able to get out of
being sued by saying "Well maybe it was my roommate LOL"

~~~
saagarjha
> I mention this context because it's unlikely you would be able to get out of
> being sued by saying "Well maybe it was my roommate LOL"

Well, the question is whether I'm responsible for the use of my computer
network. If someone hacks into it and starts using it without me noticing, am
I responsible?

~~~
ninedays
France managed to create a law for that specific reason. France decided that
any owner of a connection is responsible for it. So if you invite friends over
and they start to torrent movies or else, you will be responsible.

~~~
squirrelicus
This seems strange. If someone uses my car for a malicious act, or uses my
house's electrical connection to damage the grid, or something like that, I'm
clearly not liable.

~~~
chronial
> If someone uses my car for a malicious act [...] I'm clearly not liable.

It is not that simple if you left your car unlocked. Leaving an unlocked car
around with the key in the ignition is clearly a public danger.

~~~
realusername
If you put a law like this, why even have a justice system? Either you are
guilty of piracy or you are guilty of not securing enough your computer.

Having a case where you are guilty whatever you say makes no sense, especially
for something where the damages to society are very abstract and not proven,
like piracy.

~~~
dragonwriter
It's possible to actually nor have your computer used in piracy, and the
justice system would still be about proving whether it was. Also, even if
there was liability for negligence in security contributing to piracy, it
might be lesser than for willful piracy itself.

The law suggested may be bad, but it doesn't remove the role of the justice
system in determine the existence and degree of liability.

------
r3vrse
It surprises me in a way that "big internet" (AT&T, Verizon, Comcast etc) and
associated large enterprise interests have not been more staunch proponents of
IPv6, at least for fixed consumer connections.

It would be trivial in that circumstance to blow away any kind of NAT and the
pseudo-anonymity/plausible deniabililty it provides and make client devices
performing illegitimate activity directly identifiable.

I wonder if such a ruling might be different in that context. It's a
perturbing thought.

~~~
viraptor
> It would be trivial in that circumstance to blow away any kind of NAT

Why do you think so? NAT can be used for IPv6 is exactly the same way it's
used for IPv4.

~~~
exabrial
IPv6 will _not_ have NAT be the default case... IPv4 NAT _is_ the default for
the vast majority of [home] routers, and offers a bit of privacy protection
built-in.

~~~
viraptor
This is true, but if the op meant what they wrote, then the default is
irrelevant. If you keep a NAT, moving to IPv6 doesn't blow anything away.

------
squirrelicus
When I was 18 or so a dozen years ago I had two detectives show up at my door
(USA). Apparently my neighbor, with whom we were friendly, had connected to
our wifi in order to try to hide his solicitation of a minor (luckily an FBI
agent). They just stopped by to let us know trouble might be headed our way
during the investigation and court proceedings. It was strange. They just
left. Don't know if they ever contacted my dad about it further, but I do know
he confessed to the whole thing.

------
PeterStuer
Some IP addresses are more personal than others. What I mean is that yes, on
it's own an IP address does not pinpoint persons, but devices. So it remains
upon the complainer in the case of a copyright infringement case to present a
further reasoning 'above the speculative level' that the by the IP identified
device at the time of the infringement was under the control of the alleged
infringer.

In this case they failed. That doesn't mean it will always fail.

If you're mobile ISP uses IPv6 for everything and assigned your mobile a
static IPv6 address, then it will be harder to argue it wasn't you.

If you're Home router is provided and managed by your ISP, and it is
configured to use DHCP Static Leases, then the local IP of your mobile phone
(a fairly personal device) is close (not equal) to being equally as effective
as a personal identifier as it's MAC.

If on the other hand you connected to an Open-Wifi set up by an amateur 4
NAT's down that does not keep logs, and you randomize your MAC every time you
connect to a new network, it might be more difficult for tying an IP to your
device without reasonable doubt.

In that last case if the pursuer wanted the open-wifi operator's operation
could be made more difficult by DMCA complaints and leverage through the ISP's
terms of service.

~~~
qoi2ijds0
It usually points to a router, of which there can be hundreds of devices
connected to it on your home network. Securing your wifi is one thing (which
doesn't even absolutely prove that it was one of your home devices that did
the torrenting, thanks to things like the KRACK attacks), but to then say
"well you should secure your internal network such that torrenting cannot
happen" is absolutely ridiculous. Torrent programs can work off any port, so
that filters out port blocks. Is grandma going to install layer 7 traffic
inspection so the grandkids can't doing illegal stuff on that newfangled
interwebs? They'll switch to https then...

My point is that anyone with the technical know-how and very rudimentary
internet access can bypass almost any restriction you try to put on it. What
if the pirate is a minor and won't listen to their parents and keeps on
torrenting? Do you permanently take their internet access away? How does that
then stifle them for school homework or their social interaction? How can we
expect each and every citizen to deploy NSA grade traffic monitoring on their
router? The whole thing is ridiculous and the courts are still vehemently out
of touch

------
analog31
>>> Judge rules that copyright trolls need more than just an IP address if
they want to go after copyright infringement. An IP is not enough proof to tie
a person to a crime.

I didn't see anything in the story to suggest that the plaintiff was acting as
a "troll" in the sense that I understand from reading about patent trolls. In
this case, the plaintiff, while found to be in the wrong, was in fact the
creator of the content and probably intended to commercialize it.

~~~
mreome
I would argue that in the case of file-sharing that it's Trolling when the
plaintiff is going after an individual who, when removed from the system of
distribution, would have no real effect on the rate or availability of the
copyrighted work. Someone just downloading a copy would always fit this
definition, and while BitTorrent always involves some amount of "distribution"
by the legal definition, they don't represent a distributor in a meaningful
way.

Going after this individual does not protect the the monetization of the
copyrighted work. The individual's actions only represent the loss of
motorization for the single copy they _might_ have purchased. The only
possible argument for this protecting monetization of the copyrighted work
would be some kind of "chilling effect" on others sharing, but given the
prevalence of file sharing after decades of such legal cases, this seems like
a extremely weak argument.

Given that, then only reasonable conclusion is that the they are attempting to
make money using the law itself, rather then using it to protect the
monetization of the copyrighted work.

------
jeffdavis
This doesn't seem to be anything new or different. Just because a muder
victim's blood is found on your clothes and you are holding a knife doesn't
necessarily mean you are the murderer -- but it is evidence.

At the end of the day you will be tried by a judge or a jury. If your only
defense is some kind of grand, implausible chain of maybes and what-ifs, they
will rule against you. If you have a perfectly reasonable explanation, then
they won't.

An IP is just evidence.

------
magoon
The content companies were so eager to settle out of court for just this
reason; they knew that if enough of these cases went to court, a judgment
against them results in case law that hinders their ability to strong-arm
casual pirates.

------
mirimir
Good decision. It could have gone badly. That is, that hosting open WiFi
without logging user activity makes you liable for infringement.

------
PeterStuer
The article states that 'this is a win for privacy advocates and pirates'.

I'm not disagreeing, but I hope this will not re-open doors of trying to
leverage this into getting IP addresses out of being privacy linked data in a
privacy regulation context.

------
est
Is it enough to identify state sponsored attacks?

~~~
wu-ikkyu
It would seem so (though it shouldn't be). IIRC the Sony hack was attributed
to NK because they found some NK IP addresses in comments in the code.

------
exabrial
What aggravates me about using IP addresses to accuse alleged pirates is the
same thing that aggravates me about traffic cameras: It's not my
responsibility, duty, or privilege to enforce the law.

------
saurik
I am really curious how this would play out if the user had been running a Tor
exit node.

------
noobermin
Who's up for Gorsuch and Kavanaugh declaring it is?

