How can you tell which computer is uploading p2p on a shared broadband connection?
October 8, 2004 11:37 AM   Subscribe

I've been thinking about the music industry lawsuits. They're based on the IP addresses of the 'uploaders', correct me if I'm wrong. If I live in a shared flat, and we share broadband via a router - how can anyone tell which PC is the evil lawbreaker?

And related... if I run an open wi-fi hotspot, can I be held responsible for what people might upload/download through it?

(This is all hypothetical..)
posted by ascullion to Computers & Internet (20 answers total)
I believe it's whoever's name is on the bill from your ISP. If I recall correctly an elderly woman was charged last year or the year before after her 12 year old grandaughter had downloaded a bunch of MP3s. The RIAA made the woman pay 2 grand or some arbitrary figure (which was a lot of money to her) as a settlement.
posted by dobbs at 12:22 PM on October 8, 2004

They'll sue whoever has their name on the broadband bill. If that's you, but you're not the one doing the uploading, they'd probably just interrogate you until you turned in your flatmate.

You'd have to check the terms of service on your broadband account when it comes to open wi-fi. It's pretty probable that that's not allowed and as such you'd be liable. But IANAL, so YMMV.
posted by bcwinters at 12:24 PM on October 8, 2004

If you're on the bill and have a router which provides NAT( almost nesscerry for sharing broadband ) the NAT log could be matched with the offending IPs, times and, MAC addresses( hardware identifier ) to pin down the piece of hardware on your side of the shared connection. CYA and such.
posted by mnology at 12:29 PM on October 8, 2004

I'm not sure about p2p apps. It does seem like all they can do is backtrack your IP to an ISP. However, your boss/school might also be a concern if you're not at home. For web downloads - by you or others - the information that can be collected includes IP address and a few other miscellaenous bits of information. So, if they were smart about it, and you were not, they could tell what operating system/browser you were using which might delineate you from your flatmates if you had diferent types of computers and were doing evil web deeds [you, or your wifi sharers, incidentally].
posted by jessamyn at 12:32 PM on October 8, 2004

OK, so - in the UK - these are going to be civil, not criminal cases - meaning (I think) that they won't be able to get court orders etc to force people to submit evidence. Even if I'm wrong about that (I'm not a lawyer) - surely in the time between issuing the writ and getting to court, it'd be easy enough to destroy any incriminating evidence that could identify an individual PC beyond the ISPs records?
posted by ascullion at 12:53 PM on October 8, 2004

Actually, scrub that - they must be able to get court orders - or they wouldn't have anyone's name at all...
posted by ascullion at 12:58 PM on October 8, 2004

Never share more than 65 files at once. This will not stop them from coming after you, but it might make it far less likely that you would be selected in anything other than random-shakedown style. (Disclaimer: this advice is a couple of years old, and comes from a techy-type friend of mine, not a lawyer. Use at own risk.)

In the UK they don't have anyone's name yet, as far as what I saw today on the BBC. They will have your IP addy, but they still have to go to court to force your ISP to reveal your identity. Sad to say, they're almost sure to get this--under the anti-terrorism laws if nothing else. It will slow down the process of them coming to get you, but not by too much.

If you are really and truly frightened of being sued, take the drive containing the offending material (it is all on one physical drive, yes?) and destroy it completely. Take a hammer to it. Of course, you have made an offsite backup, preferably in another country, of any critical data you don't want to lose....
posted by Tholian at 1:10 PM on October 8, 2004

If you have strong encryption on your hard drive, can they compel you to give them the passphrase, or is that a violation of the 5th Amendment?
posted by George_Spiggott at 1:31 PM on October 8, 2004

I wonder if they've ever actually gotten to the stage of demanding someone's hard drive... does anyone know of an instance of this happening? Or do all the groups sign non-disclosure agreements as part of the settlement?
posted by ascullion at 1:33 PM on October 8, 2004

There is no Fifth Amendment in the UK. I think there may be some protection from self-incrimination under British law, but I'm not sure. (That's all right. I still have a couple of years to study for the citizenship test.)
posted by Tholian at 1:36 PM on October 8, 2004

I've often wondered if I'd be liable for downloads by random clients on my WiFi network... I have an isolated segment of my network open to the public. It's a violation of my ToS, but if I was able to prove that it wasn't me, could they still indict me?
posted by maniactown at 2:03 PM on October 8, 2004

If you have a swimming pool, and some local kid falls in and drowns, you're responsible. Doesn't much matter that you weren't the one that pushed him in.

I've seen the BoingBoing people speculate that since you're acting in the role of an internet service provider, you may be able to cloak yourself in some of their protections if it came to an open WiFi hotspot. I guess it would depend on how much you really wanted to go to court and risk it. Most people seem to be deciding it's way easier to pay the several thousand dollar settlement that push it and see.
posted by willnot at 2:18 PM on October 8, 2004

F**k the greedy music industry bastards.
posted by SpaceCadet at 4:29 PM on October 8, 2004

I read about this recently. There is a case in the courts right now (NYC - not sure if it's state or Federal, but probably 2nd District Federal) that is one of the ones being fought back against the RIAA. A neighbour had an open WiFi router some other neighbours connected to. He claims he is not the one who shared the files, and indeed is using this as a defence. The theory being:
1. there is nothing illegal about running a free public WiFi hotspot for others
2. engaging in such a hobbyist pursuit does not require the person to constantly monitor every bit of traffic
3. Fair notice: he closed his router upon receiving notification of the suit
4. simple burden of proof: there's no way to prove he was the infringer
So yeah, basically applying the same defences ISPs get to the private hobbyist.

If you have a swimming pool, and some local kid falls in and drowns, you're responsible. Doesn't much matter that you weren't the one that pushed him in.

That's a different scenario, though. There's a known risk the owner is expected to take a minimum standard of care to prevent - all the more so since a pool is an "attractive nuisance." Adults knowingly abusing what could be considered a type of public service and violating Copyright law is a lot different than a tort based on negligence. There's a good argument that it would be impossible to police a wireless connection to prevent this type of activity.

(it is all on one physical drive, yes?) and destroy it completely. Take a hammer to it.
I'd go one step further: cover it in kerosene or gasoline and light 'er up. I mean if you really want to make sure nothing could be read.

No idea how any of this would apply under UK law. In the scenario you describe, US law would probably look at whose name was on the ISP bill, as well as what names were on the lease. There's probably a higher standard you're responsible to under a wireless network inside your home than under a public, open WiFi internet connection.
posted by sixdifferentways at 6:02 PM on October 8, 2004

Thanks for all the replies - I'm not worried personally, I don't use p2p software - but I am interested in punching a few holes in the talk of lawsuits, if possible.

Incidentally, with an open wi-fi network - OK, the ISP could sue for breach of contract, but I don't see what the music industry could do. Anyway, thanks again.
posted by ascullion at 12:00 AM on October 9, 2004

In the UK people get off charges because they can't prove who was behind the wheel of the car at the time the offence happened, regardless of who the owner of the car was. I don't see why it would be any different for a computer.

You do have the right to silence and the right not to incriminate oneself in the UK, which the European Court of Human Rights define as being central to a fair trial. This has, however, not prevented governments from trying to attack this right by police cautioning suspects that if they do use their right to silence, and then later bring something up to defend themselves in court that they haven't mentioned to them, then it may be viewed with prejudice. Something I hope will one day be thrown out for the attempt to undermine the right to silence that it is.

posted by Blue Stone at 12:04 PM on October 9, 2004

Never share more than 65 files at once.

No longer, if ever, true. In the UK, the music industry are targetting 'heavy uploaders', but it's not clear what that means as yet. A repeat sharer of a few files? A one or two time sharer of lots of files? Who knows... From ZDNet: In Britain, music officials said the 28 uploaders have been identified only through their Internet accounts. They are heading to court to get the names and addresses before they can begin the legal proceedings. (though that really should say 'to TRY to get their names and addresses'...

Note: it doesn't matter what is on your hard drive now. Doesn't matter if you destroy it or burn it or flush it down the toilet. The case will be: we have evidence that on [date] the IP address [whatever] was sharing [list of files]. That evidence will have come from their own monitoring. They will have recorded the IP address, recorded that you were sharing a particular file or files, or recorded that you were sharing lots of files. In a civil case, that will probably be good enough...

If you have strong encryption on your hard drive, can they compel you to give them the passphrase, or is that a violation of the 5th Amendment?

5th Amendment doesn't apply in the UK but since the RIP act (yes, that is the name of it - Regulation of Investigatory Powers), you can be put in prison if you refuse to reveal an encryption key to the police. Note that last bit - to the police (or other authority). This isn't going to occur in the civil cases that the music industry is bringing, and see above about the fact that they don't care what's on your hard drive.
posted by humuhumu at 12:43 PM on October 9, 2004

Probably, no one's looking now - but humuhumu, what you say comes back to my central point. If more that one PC shares the same IP address, they'll have to get access to the computer to prove which machine was responsible for the activity... surely?
posted by ascullion at 2:01 PM on October 10, 2004

They would - but they don't really care. In this instance, it's a civil suit so the burden of proof is much lower anyway, but basically, they are saying: we have traced activity back to this IP address. It belongs to this house (or whatever). SOMEONE inside that house is responsible for stealing stuff. So settle with us and we won't prosecute you. Remember, most people are settling out of court with the RIAA in the US. I think only one person has bothered to challenge them and that hasn't come to trial yet. It's like seeing someone steal your car and then following it back to a garage inside a house. Someone drove it there and you know it went in there, but you don't know who.

If it did come to court, you might be able to prove that you (as leaser of the b/b connection or owner of the router or whatever) did not d/l the music, but the music industry still charge that you are responsible in some way. But as I say, they're looking to (i) scare you into settling because legal fees are very expensive and they have c.187,231 lawyers to call on and (ii) get some public relations out of it and deter others from doing the same thing.
posted by humuhumu at 7:20 AM on October 11, 2004

they're looking to (i) scare you into settling because legal fees are very expensive and they have c.187,231 lawyers to call on and (ii) get some public relations out of it and deter others from doing the same thing

Yeah, that's how I see it too. Which basically means that the first person brave and rich enough to challenge the action will probably have a good case...

I think a good comparison is with speeding. In the UK, if a camera catches you speeding, they use your registration number to send you a fine - which you either pay, or somehow prove you weren't driving. which doesn't neccessarily mean you have to tell them who was driving - say the car was borrowed by a family member without your knowledge, and you had a solid alibi. Anyway, I'm rambling...
posted by ascullion at 5:14 AM on October 13, 2004

« Older Voting district via ZIP code website?   |   Apartment in DC Newer »
This thread is closed to new comments.