17 Apr 13 – Update
On 16 Apr 13, Morgan Pietz filed his response to Prenda declaration (ECF NO. 108, see below). The are all worthy of a read, but of particular interest to this post is the declaration of Seth Schoen, Senior Staff technologist, EFF, concerning the declaration of declaration of Joshua Chin. 117 – Memorandum in Reply 117-1 Pietz Dec’l. 117-2 Exhibits KK to QQ to Pietz Dec’l 117-3 Shoen Dec’l
Mr. Schoen’s analysis is broken in the following parts: The accuracy of Plaintiff’s method of identifying infringing IP addresses, The usability of partial downloads from BitTorrent, and the metadata (authorship) of various Prenda documents.
Mr. Schoen states the Peter Hansmeier declarations he reviewed are are missing key information. Based on the available information, Mr. Schoen is of the opinion Plaintiff’s process of identifying the IP addresses of infringing systems is flawed and could result in false-positives.
Mr. Schoen points out that regarding the usability of a partial BitTorrent download, the VLC media player mentioned by Mr. Chin will likely have trouble playing it unless the first part of the file has been downloaded. As most BitTorrent clients do not download the first part of a file in sequence, there is a good possibility a partial download would result in a unviewable file. This possibility means for partial downloads, the alleged infringing IP addresses may never had a usable file and thus would be a false-positive identification.
Mr. Schoen states the analysis of metadata found in various Prenda filings disclosed three different entities were the creators of the reviewed documents (SH01, SH05, and Paul). The “Paul” is entry is significant, as it presumably shows Paul Hansemeier has been involved in the preparation of pleadings on this case since December 2012.
Can’t wait to see what Judge Wright thinks of all this. Until then, please take a read of the Popehat posting on Prenda.
One of the recent Prenda documents filed in case 2:12-cv-08333, is the declaration of Joshua Chin, 8 Apr 13, ECF NO. 108-1. 108-1 Decl of Chin This declaration was part of Prenda’s response to the 2 Apr 13, Order To Show Cause Hearing, in which the main players invoked their 5th amendment rights against self-incrimination. 108 – Response Mr. Chin was hired by Prenda Law, Paul Duffy, and Angela Van Den Hemel to provide an “objective” analysis on:
- The process used by Prenda (via Peter Hansmeier, 6881 Forensics LLC). Was sufficient to identify IP address being used to conduct copyright infringement?
- The best and most reasonable method to identify the true copyright infringer using the identified public IP address (see above).
I will say Mr. Chin has the background, education, and experience to be a computer security expert. Not that I think that his opinions are completely on track. Still I bet his resume is still better than Peter Hansmeier, Technician, 6881 Forensics LLC.
I first note that Mr. Chin did not assess the proprietary software used by 6881 Forensics LLC, or its reliability. Mr. Chin’s expert opinion was based only on analysis of the Peter Hansmeier declaration (1:12-cv-04238), the 7 Feb 13 Show Cause Order, the pleadings, and other documents filed by Plaintiff and defendant, as well as ‘other’ documents/articles of relevance.
Mr. Chin stated he did have some reservations concerning Mr. Gibbs conclusions that the wireless Internet signal of the alleged infringers was not accessible outside the ISP subscriber’s residence. That is a nice way of telling the person who hired you that Gibbs doesn’t know what he is talking about. Mr. Chin states that just because Mr. Gibbs doesn’t truly understand small home/office wireless firewall routers (WFR) at the center of these cases, they (Gibbs/Prenda) still took reasonable steps to identify the actual infringers. I’m trying not to chuckle. Gibbs (and Prenda) were the one pushing these cases (locally & nationally) for some time and they do understands the limitation of culpability based only on the public IP address. There have been various Prenda statements admitting to this fact. As this document was written for Prenda, Duffy, and Van Den Hemel, I doubt Gibbs was asked his opinion on this matter since they tried to discredit him. Techdirt Article
Mr. Chin’s opinion is if the ISP subscriber isn’t forthcoming with information concerning his network, the security of it, its users, or who the potential infringer is/was, the next step is the forensic examination of the system(s). Mr. Chin regurgitates the Gibbs statement that they (Prenda) will dismiss personnel from these cases if “sufficient” information is provided that shows the ISP subscriber is not the infringer. Of course what is deemed “sufficient” is up to Prenda Law. As Prenda Law has repeatedly use the negligence claim in complaints, as well as telling ISP subscribers they are likely responsible because they are the ISP subscriber (via the settlement demand letters), I find this statement pure BS (my opinion).
I know of no Prenda cases that have gone through a forensic examination. If I’m wrong, please advise. I know of discussion for such forensic analysis, but nothing to suggest it has actually taken place. If this is the logical next step according to Mr. Chin, how come Prenda Law has not done this on multiple cases? Because it cost so much and Prenda doesn’t want to risk finding nothing. What if the offending system was an unauthorized user of the wireless network? Once the offending system leaves the ISP subscriber’s network, there is no evidence to be found – Period. The best Prenda would be able to do is try to develop a list of personnel who possibly used the network at the date/time recorded. Developing additional leads and following up on them costs money. It is cheaper and safer to bluff and bluster and eventually cut and run if it doesn’t work out.
The recording of the public IP address is only a start. There is too great a possibility the ISP subscriber is not the offender and doesn’t know who is. The claim they try to engage the ISP subscriber in a discussion does not get them to the reasonable investigative effort level in my opinion. If an ISP subscriber doesn’t want to talk to Plaintiff, that in no way shows due diligence on their part. Just because it costs more to do a real investigation, doesn’t mean Plaintiff should be given an easy road to threaten people with $150K+ judgments against them. Also doing a simple public records checks to determine if a male, age 13-45, computer user, with an Internet presence, is a resident, is a joke as far as an investigation goes.
Mr. Chin goes on to claims in the last 2-3 years, ISP furnished WFRs and WFR hardware manufacturers have enable default protections modes to ensure secure networks. My knowledge and experience isn’t perfect, but the only default protection I know of is the “default” user name and password to access the WFR and change the settings. For all the WFRs I have played with, the wireless security mode (WEP, WPA, WPA2, etc.) is always set to disabled by default unless you use a “set-up utility” or change it manually. Example: The Linksys E Series routers if manually set-up are “Open” as far as wireless security. If you run the Cisco Connect utility, it will enable security features to include WPA/WPA2 mixed mode. Even if people do enable wireless security, there is the chance they will make a mistake and select a weak security mode such as WEP. WFR security settings are not fool-proof and it is another reason why Plaintiff should not be allowed to use their simplistic public IP collection methods as a ‘reasonable’ measure to identify the infringer. We have seen various cases where police have executed a search warrant of a residence for downloading/sharing child porn and then found out the ISP subscriber was not responsible. Criminal Case Example The final determination was only after an investigation cleared the ISP subscriber and identified the true offender.
Mr. Chin makes the valid point that unless an infringer is observed in the act OR decides to admit his activity, there is no way to truly determine who did it.
… there is no legal method by which an investigator could with absolute certainty conclude that the identified subscriber was the only person in a residence or commercial building engaged in the downloading of copyright material at any one time.” (Pages 7-8 of 9, (16. i.))
I got a good laugh at section 17., where Mr. Chin states the costs of a traditional investigation “greatly prejudice” the copyright owner’s efforts to protect its rights. I don’t believe these Troll cases have anything to do with protecting the content owners. This is a business model to generate settlements on a repeatable basis.
The last part of section 17., is the telling part. Mr. Chin believes making the Troll/Plaintiff conduct more of an investigation is “… not in the best interest of the copyright owner who is attempting to stem the tide of pervasive piracy.” He believes the current methods employed against multiple alleged infringers is adequate and provides sufficiently similar, if not identical results that a time-intensive stake out would provide.
The fact that it is “hard” or “expensive” is no reason to justify their actions of threatening all identified ISP subscribers with financial ruin and social embarrassment based on the simplistic collection of a public IP address. The error potential is too great and the harm done to innocent people in the name of “protecting content owners” is disgusting.
DieTrollDie 🙂 “Some ships are designed to sink… others require our assistance.”