Prenda Expert Declaration – AKA: No Absolute Certainty Of Identifying Infringer – 2:12-cv-08333

17 Apr 13 – Update

On 16 Apr 13, Morgan Pietz filed his response to the Prenda declaration (ECF NO. 108, see below). They are all worthy of a read, but of particular interest to this post is the declaration of Seth Schoen, Senior Staff Technologist, EFF, concerning the declaration of Joshua Chin.  117 – Memorandum in Reply   117-1 Pietz Dec’l.   117-2 Exhibits KK to QQ to Pietz Dec’l   117-3 Schoen Dec’l

Mr. Schoen’s analysis is broken into the following parts: the accuracy of Plaintiff’s method of identifying infringing IP addresses, the usability of partial downloads from BitTorrent, and the metadata (authorship) of various Prenda documents.

Mr. Schoen states the Peter Hansmeier declarations he reviewed are missing key information.  Based on the available information, Mr. Schoen is of the opinion Plaintiff’s process of identifying the IP addresses of infringing systems is flawed and could result in false-positives.

Mr. Schoen points out that regarding the usability of a partial BitTorrent download, the VLC media player mentioned by Mr. Chin will likely have trouble playing it unless the first part of the file has been downloaded.  As most BitTorrent clients do not download the first part of a file in sequence, there is a good possibility a partial download would result in an unviewable file.  This possibility means that for partial downloads, the alleged infringing IP addresses may never have had a usable file and thus would be a false-positive identification.
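The distinction between "holds part of the file" and "holds the start of the file" can be checked from the bitfield a peer advertises. This is an added example, not part of the original post or of any declaration; the piece size, file size, bitfields and the `HEADER_BYTES` threshold are constructed assumptions.

```python
# Added illustration (not from the original post or any court filing).
# All sizes and bitfields below are constructed sample values.

PIECE_LENGTH = 262144     # 256 KiB pieces (constructed)
FILE_LENGTH = 4_000_000   # single-file torrent spanning 16 pieces (constructed)
NUM_PIECES = 16
HEADER_BYTES = 65536      # assumption: leading bytes a player needs to start

# Constructed bitfields, in the layout of the BitTorrent "bitfield" message.
PEER_A = bytes([0x11, 0xE9])  # pieces 3,7,8,9,10,12,15: 7 of 16, no piece 0
PEER_B = bytes([0xC0, 0x00])  # pieces 0,1: only 2 of 16, but from the start


def bitfield_to_pieces(bitfield, num_pieces):
    """Decode a bitfield: the high bit of byte 0 is piece index 0."""
    if len(bitfield) < (num_pieces + 7) // 8:
        raise ValueError("bitfield shorter than the piece count requires")
    have = set()
    for index in range(num_pieces):
        if bitfield[index // 8] & (0x80 >> (index % 8)):
            have.add(index)
    return have


def contiguous_prefix_bytes(have, piece_length, file_offset, file_length):
    """Bytes available from the start of the file before the first gap.

    file_offset is the file's position in the torrent's concatenated byte
    stream (0 for a single-file torrent, non-zero inside a multi-file one).
    """
    end = file_offset + file_length
    pos = file_offset
    while pos < end:
        piece = pos // piece_length
        if piece not in have:
            break  # first missing piece ends the usable prefix
        pos = min((piece + 1) * piece_length, end)
    return pos - file_offset


def assess(bitfield, num_pieces=NUM_PIECES, piece_length=PIECE_LENGTH,
           file_offset=0, file_length=FILE_LENGTH, header_bytes=HEADER_BYTES):
    """Summarise what a peer holds versus what a player could start from."""
    have = bitfield_to_pieces(bitfield, num_pieces)
    prefix = contiguous_prefix_bytes(have, piece_length, file_offset,
                                     file_length)
    return {
        "pieces_held": len(have),
        "percent_complete": 100.0 * len(have) / num_pieces,
        "prefix_bytes": prefix,
        "header_present": prefix >= min(header_bytes, file_length),
    }


if __name__ == "__main__":
    for name, bitfield in (("peer A", PEER_A), ("peer B", PEER_B)):
        print(name, assess(bitfield))
```

Peer A holds far more of the file than peer B, yet has none of its beginning, which is the case the paragraph above describes.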

Mr. Schoen states the analysis of metadata found in various Prenda filings disclosed three different entities were the creators of the reviewed documents (SH01, SH05, and Paul).   The “Paul” entry is significant, as it presumably shows Paul Hansmeier has been involved in the preparation of pleadings on this case since December 2012.

Can’t wait to see what Judge Wright thinks of all this.  Until then, please take a read of the Popehat posting on Prenda.

DieTrollDie 🙂


One of the recent Prenda documents filed in case 2:12-cv-08333 is the declaration of Joshua Chin, 8 Apr 13, ECF NO. 108-1.   108-1 Decl of Chin   This declaration was part of Prenda’s response to the 2 Apr 13 Order To Show Cause Hearing, in which the main players invoked their 5th amendment rights against self-incrimination.   108 – Response   Mr. Chin was hired by Prenda Law, Paul Duffy, and Angela Van Den Hemel to provide an “objective” analysis on:

  • Whether the process used by Prenda (via Peter Hansmeier, 6881 Forensics LLC) was sufficient to identify IP addresses being used to conduct copyright infringement.
  • The best and most reasonable method to identify the true copyright infringer using the identified public IP address (see above).

I will say Mr. Chin has the background, education, and experience to be a computer security expert.  Not that I think that his opinions are completely on track.  Still, I bet his resume is better than that of Peter Hansmeier, Technician, 6881 Forensics LLC.

I first note that Mr. Chin did not assess the proprietary software used by 6881 Forensics LLC, or its reliability.  Mr. Chin’s expert opinion was based only on analysis of the Peter Hansmeier declaration (1:12-cv-04238), the 7 Feb 13 Show Cause Order, the pleadings, and other documents filed by Plaintiff and defendant, as well as ‘other’ documents/articles of relevance.

Mr. Chin stated he did have some reservations concerning Mr. Gibbs’ conclusions that the wireless Internet signal of the alleged infringers was not accessible outside the ISP subscriber’s residence.  That is a nice way of telling the person who hired you that Gibbs doesn’t know what he is talking about.  Mr. Chin states that just because Mr. Gibbs doesn’t truly understand small home/office wireless firewall routers (WFR) at the center of these cases, they (Gibbs/Prenda) still took reasonable steps to identify the actual infringers.  I’m trying not to chuckle.  Gibbs (and Prenda) were the ones pushing these cases (locally & nationally) for some time and they do understand the limitation of culpability based only on the public IP address.  There have been various Prenda statements admitting to this fact.  As this document was written for Prenda, Duffy, and Van Den Hemel, I doubt Gibbs was asked his opinion on this matter since they tried to discredit him.   Techdirt Article

Mr. Chin’s opinion is that if the ISP subscriber isn’t forthcoming with information concerning his network, the security of it, its users, or who the potential infringer is/was, the next step is the forensic examination of the system(s).  Mr. Chin regurgitates the Gibbs statement that they (Prenda) will dismiss personnel from these cases if “sufficient” information is provided that shows the ISP subscriber is not the infringer.  Of course what is deemed “sufficient” is up to Prenda Law.  As Prenda Law has repeatedly used the negligence claim in complaints, as well as telling ISP subscribers they are likely responsible because they are the ISP subscriber (via the settlement demand letters), I find this statement pure BS (my opinion).

I know of no Prenda cases that have gone through a forensic examination.  If I’m wrong, please advise.  I know of discussion for such forensic analysis, but nothing to suggest it has actually taken place.  If this is the logical next step according to Mr. Chin, how come Prenda Law has not done this on multiple cases?  Because it costs so much and Prenda doesn’t want to risk finding nothing.  What if the offending system was an unauthorized user of the wireless network?  Once the offending system leaves the ISP subscriber’s network, there is no evidence to be found – Period.  The best Prenda would be able to do is try to develop a list of personnel who possibly used the network at the date/time recorded. Developing additional leads and following up on them costs money.  It is cheaper and safer to bluff and bluster and eventually cut and run if it doesn’t work out.

The recording of the public IP address is only a start.  There is too great a possibility the ISP subscriber is not the offender and doesn’t know who is.  The claim they try to engage the ISP subscriber in a discussion does not get them to the reasonable investigative effort level in my opinion.  If an ISP subscriber doesn’t want to talk to Plaintiff, that in no way shows due diligence on their part.  Just because it costs more to do a real investigation doesn’t mean Plaintiff should be given an easy road to threaten people with $150K+ judgments against them.  Also, doing a simple public records check to determine if a male, age 13-45, computer user, with an Internet presence, is a resident, is a joke as far as an investigation goes.

Mr. Chin goes on to claim that in the last 2-3 years, ISP-furnished WFRs and WFR hardware manufacturers have enabled default protection modes to ensure secure networks.  My knowledge and experience isn’t perfect, but the only default protection I know of is the “default” user name and password to access the WFR and change the settings.  For all the WFRs I have played with, the wireless security mode (WEP, WPA, WPA2, etc.) is always set to disabled by default unless you use a “set-up utility” or change it manually.  Example: The Linksys E Series routers, if manually set up, are “Open” as far as wireless security.  If you run the Cisco Connect utility, it will enable security features to include WPA/WPA2 mixed mode.  Even if people do enable wireless security, there is the chance they will make a mistake and select a weak security mode such as WEP.  WFR security settings are not fool-proof and it is another reason why Plaintiff should not be allowed to use their simplistic public IP collection methods as a ‘reasonable’ measure to identify the infringer.  We have seen various cases where police have executed a search warrant of a residence for downloading/sharing child porn and then found out the ISP subscriber was not responsible.  Criminal Case Example   The final determination was only after an investigation cleared the ISP subscriber and identified the true offender.

Mr. Chin makes the valid point that unless an infringer is observed in the act OR decides to admit his activity, there is no way to truly determine who did it.

“… there is no legal method by which an investigator could with absolute certainty conclude that the identified subscriber was the only person in a residence or commercial building engaged in the downloading of copyright material at any one time.” (Pages 7-8 of 9, (16. i.))

“There is no such uncertainty as a sure thing.” (Robert Burns)

I got a good laugh at section 17, where Mr. Chin states the costs of a traditional investigation “greatly prejudice” the copyright owner’s efforts to protect its rights.  I don’t believe these Troll cases have anything to do with protecting the content owners.  This is a business model to generate settlements on a repeatable basis.

The last part of section 17 is the telling part.  Mr. Chin believes making the Troll/Plaintiff conduct more of an investigation is “… not in the best interest of the copyright owner who is attempting to stem the tide of pervasive piracy.”  He believes the current methods employed against multiple alleged infringers are adequate and provide sufficiently similar, if not identical, results to those a time-intensive stake out would provide.

The fact that it is “hard” or “expensive” is no reason to justify their actions of threatening all identified ISP subscribers with financial ruin and social embarrassment based on the simplistic collection of a public IP address.  The error potential is too great and the harm done to innocent people in the name of “protecting content owners” is disgusting.

DieTrollDie 🙂  “Some ships are designed to sink… others require our assistance.”

About DieTrollDie

I'm one of the many 'John Does' (200,000+ & growing in the US) who Copyright Trolls have threatened with a civil law suit unless they are paid off. What is a Copyright Troll? Check out the Electronic Frontier Foundation link -

23 Responses to Prenda Expert Declaration – AKA: No Absolute Certainty Of Identifying Infringer – 2:12-cv-08333

  1. free speech is only for the rich, silly prole says:

    “I find this statement pure BS (my opinion).”



  2. still confused says:


    …a declaration of a declaration? what kind of “expert” analysis is that? it seems more of an insult since he is a Security and Audit Specialist that specializes in internal and external network penetration techniques. idk – imho it’s kinda weird that he signed off on it without having ALL the necessary information to make a true professional assessment.

    -objective as in – “something that one’s efforts or actions are intended to attain or accomplish; purpose; goal; target. ”
    -or objective as in – “not influenced by personal feelings, interpretations, or prejudice; based on facts; unbiased, impartial”
    -or objective as in “of or pertaining to something that can be known, or to something that is an object or a part of an object; existing independent of thought or an observer as part of reality. “

    • Anonymous says:

      He’ll be rebutted by Pietz’s IT expert by tomorrow midnight. What’s surprising is that Mr. Peter Hansmeier, computer forensics expert touted up and down several Prenda, et al cases/complaints, made no declarations. Odd, since, you know, he’s supposed to be an expert and his declarations have been used several times for ex parte discovery orders. One might think, even though he’s party to the OSC, that perhaps there is some other reason for his reluctance. It’s almost as odd as how he and Mark Lutz (purported CEO of AFH and I13?) had no legal representation on April 2nd.

  3. that anonymous coward says:

    Ohai DTD… I saw this little ditty before…

    “The Chin declaration is pretty funny.

    Wolverine lost 20 million due to piracy, except those numbers are self reported with little evidence to support them. These numbers come from an industry that still claims the original Star Wars films have not recouped, despite the huge amount of money they have earned.

    The system as described, which means he hasn’t seen the actual system. As described the OSX operating system was secure against viruses, and then it fell. We all have perfect “systems” in place and sometimes we short cut on things because we get the same result more often than not.

    Estimated costs of piracy vs actual costs. This is a court of law not a place where conjecture is to be used.

    Wireless signals can be blocked by stuff, people use passwords. Except we’ve seen actual images that do not match the narrative and hacking wifi isn’t exactly something that requires a supercomputer to do.

    Finding out who owned it would violate CFAA. Except for sniffing the available information to determine the name offered by the device offering the connection which then could be used to locate the owner of a specific signal. Except the “investigations” done to date have been verify there is someone with a penis in the home, send the threat and try to get them to implicate someone else if they insist it wasn’t them, then send letter D that demands payment for negligence.

    They were not forthcoming with evidence… well let me threaten you with $150,000 in fines and let’s see how many questions of mine you’re willing to answer. Note you missed the letters in other cases where the computers of the accused were offered up for examination to prove their innocence and they declined to look while still demanding payments.

    His lay comprehension of understanding is material to the matter at hand. He is making claims that do not accurately reflect reality. If he lacks understanding of the topic how can he speak authoritatively to a court?

    Yes ISPs are not required by law to hand over information to any idiot who demands it, in fact it would violate the law and the contracts to behave in such a manner. But go ahead and try to color it as the ISPs are shirking a duty they owe.

    You have all of these shiny medals and associations, can you locate Mr. H listed as a member of any of those? The declaration he is an “expert” seems to lack anything to substantiate those claims on his part.

    “the participant by default immediately becomes both a receiver and a distributor of the file being traded.” Doctrine of unclean hands, you participated in an event making it worse to improve your case.

    Incomplete files can be played by VLC… how incomplete of a file?

    University kids can do stuff, how many universities were a party to this case? The average university offers much more speed than a home connection.

    ISPs that furnish hardware often send the cheapest electronics that are out of date, consumers often obtain their own devices which might not ship protected. ISPs also charge higher fees for devices offering wifi and many consumers will take the cheapest device to get connected and then route it out via their own equipment.

    500,000 movies a DAY! Except how many does just this 1 copyright holder own?

    Game of Thrones!!! Is not niche porn even on a good day. Game of Thrones can be purchased, where are Prenda’s things available?

    Your company works out of a PO box on a flashy website without much detail about how you operate.
    You’re basing your findings on statements that are given by people accused of fraud upon the court, not actual examination of the systems. Yes your honor I conclude based on what this other person claimed the tree totally jumped out in front of the car.

    Smoke and mirrors with a shiny package.
    But then this isn’t my first rodeo and I’m not being paid to prop up some claims.”

  4. what happened here? says:

    A Virtual Boot Camp Student Finds Cyber Camp Offers Very Real Challenges
    The summer cyber camp taught students like Josh Chin to prepare for and recover from computer network attacks.

  5. Tardis says:

    Such a Parcel of Rogues in a Nation, just for the Rabbie Burns reference.

  6. Guest says:

    In other words, “It’s too damn hard to find the right person; please let us demand several thousand dollars per person we accuse so we can make mo – I mean, barely break even.” Yeah, that’ll go over well.

  7. He's just a kid !!! says:

    he’s just a kid! We were wondering why it read like a school report.

    Thought it was also strange that given he’s “played” at Symantec: and here:, that his web references haven’t been verified though Norton’s Site Safety:

    Also noted his LinkedIn (Executive Director) and ZoomInfo (Assistant Vice President, Field S… ) are contradictory and there was something strange about the ZoomInfo references to the cached versions – and here:

    We really hope this kid wasn’t misled into believing his “declaration” about another person’s declaration or that being a part of this fiasco was going to somehow help his career

    • DieTrollDie says:

      There are certainly more qualified personnel Prenda could have hired, but they tend to like to go the ‘Craigslist’ route at times. His experience isn’t very extensive and he doesn’t appear to have any of the higher level computer/network security/forensic certifications. Certifications are not an ultimate proof of competence, but they usually show the person did expend a certain amount of time and effort to reach that level. I don’t believe his analysis is very objective and this could haunt him in the long run.

      DTD 🙂

    • that anonymous coward says:

      Maybe they grabbed his puppy and threatened to send him away to a farm unless he wrote them a report.

  8. Can current packet analysis software detect BitTorrent activity or extract files from BTP and μTP traffic streams? says:

    BitTorrent is a peer to peer file sharing protocol used to exchange files over the internet, and is used for both legal and illegal activity. Newer BitTorrent client programs are using proprietary UDP based protocols as well as TCP to transmit traffic, and also have the option of encrypting the traffic. This network forensic research examined a number of packet analysis programs to determine whether they could detect such traffic from packet captures of a complete file transmitted using one of four protocol options. The four states examined were: TCP without encryption, TCP with encryption, μTP without encryption and μTP with encryption, and the six programs investigated were: Network Miner, Tcpxtract, Honeysnap, OpenDPI, Netwitness Investigator and SPID. Of the six programs investigated, none of them were able to fully reconstruct a file, with most not even able to detect that the traffic related to BitTorrent usage. The Netwitness Investigator program was able to extract the announce and scrape files. The signature based SPID was able to partly match TCP based torrent traffic, but could not identify μTP traffic. The conclusion is that until new tools are developed, forensic investigators must continue to rely on artifacts created by the BitTorrent clients themselves in order to locate evidence in the event that a crime has been alleged.

  9. now that didn't take to long; did it? says:

    Thanks to Seth Schoen for his expert declaration: which is strikingly different from Mr. Chin’s in that only 1 paragraph is dedicated to his credentials and the remainder of the declaration focuses on the issue at hand. It is written as a professional with considerable technical expertise but in layman’s terms and debunks, noting the inconsistent, inaccurate, incomplete, methodologies of the “tracking software”.

  10. they opened the door... says:

    Another professionally well written affidavit regarding the reality and complete explanations of
    IP addresses, BitTorrent protocol and also debunks, noting the inconsistent, inaccurate, incomplete, methodologies of the “tracking software”.

    This is the declaration of Glenn Reinman PH.D addressing the benefits of the BitTorrent protocol and the legal uses of BitTorrent as well as the very well known artist Nine Inch Nails who share their own songs legally and for free on BitTorrent !

  11. sharp as a marble says:

    wouldn’t downloading only a small portion of ANY video fall under fair use? isn’t there some “significant portion” or somesuch clause in the copyright law thus negating half of chins declaration? so now if you have cc cleaner and vlc media player you MUST be guilty………i really am just sick of this @#$# i am super glad i do not live in the same city as these stupid wastes of space. can prenda just end already?

  12. Someone says:

    @DTD – off topic but do you have any sense when Judge Otis Wright II will release the hounds on the recent Prenda OSC hearing?

    • DieTrollDie says:

      No. I bet Judge Wright is taking his time to make sure his response is measured and allows for the least possible chance for a successful appeal from the Prenda crew. He could also be waiting to see what is said by Duffy at the hearing today in CAND – 1:30PM PST.

      DTD 🙂

      • Someone says:

        Thanks! the anticipation is killing me. I’m also thinking of framing my letter from Prenda. It’s going to be a collectors item soon i hope 🙂

  13. DonaldB says:

    This declaration serves its purpose.

    The focus is now off of Peter Hansmeier, and he can slip away without additional questions.

    His brother likely shifted much money out of Prenda’s accounts to Peter, and it won’t be possible to claw it back.

    If the declaration referenced any tool or procedure actually used by Peter, Prenda, or the local lawyers, it would have opened them to questions.

    In fact a less-than-expert report serves their purposes better than an accurate, balanced one. A report that draws attention away from their previous process is required. A report that supports what they did, is extensively argued over, and only eventually deemed flawed is best. They can argue that what they did was subtly flawed, but only subtly. What they did was a mistake that could be made by many, and it took extensive expert debate to even decide it wasn’t quite accurate. After enough focus on this narrow issue, they want that admission to end this inquiry, and their other illegal behavior forgotten.

    • DieTrollDie says:

      Sounds pretty, BUT it in no way (IMO) gives Petey Boy (or the Prenda crew) a way out. If the methods are found to be flawed by this simple analysis, then the questions are still open. Couple the flawed IP collection methods and questionable software with an apparently unskilled technician (Petey) and you come up with an unsound determination of IP addresses = offender. Couple that with the threats of a law suit (their settlement demand letters) and sanctions are a possibility. We will see.

      DTD 🙂

      • DonaldB says:

        It shouldn’t give them a way out, but it may.

        They now have, on the record, an ‘expert’ saying what they did was mostly reasonable. I have no doubt it was carefully structured to avoid mentioning Peter, and avoid appearing as testimony or opening the door to questions of those that have plead the fifth.

        I see removing Peter from scrutiny as an important element. Anything they can do to obscure the “all in the family” nature of their operation will help them. Steele/Hansmeier/Prenda concocted a scheme where they were the client, instigator, investigator and lawyers. They bought the near-worthless rights to forgettable movies, seeded the torrent to make certain there were downloaders, had Hansmeier’s brother “investigate”, then put on their lawyer hats to send out extortion letters. All hidden with shell companies, trusts, anonymizer services and local lawyers.

        This worked for many, many cases. It’s expensive to investigate copyright ownership, and most judges refused to allow even attempting it.

        (We can see the similar pattern when they got family members to be part of a class-action suit, so that they could represent them and attempt to get a payoff to avoid interfering with a settlement.)
