IP Address Alone Insufficient To Identify Pirate, Court Rules
Written by enigmax on June 15, 2009Anti-piracy groups and lawyers across Europe are unmovable – they say that since they logged a copyright infringement from a particular IP address, the bill payer is responsible. Now a court in Rome has decided that on the contrary, an IP address does not identify an infringer, only a particular connection.
Right across Europe, many countries are being targeted by anti-piracy evidence gathered by outfits such as Swiss-based Logistep. After tracking alleged infringers, legal action is taken to force ISPs to hand over the identities of the person who pays the bill on the particular account linked to the allegedly infringing IP address. Lawyers operating in tandem with companies like Logistep, such as ACS:Law in the UK, insist that since they have an IP address, this automatically means that the bill payer is the copyright infringer or at least liable for the infringement.
Italy, which has seen its fair share of misery inflicted by Logistep and its partners Peppermint Jam, now has reason to be optimistic that these cynical, profit-motivated operations can be dampened down.
Although anyone with a basic knowledge of the Internet could come to the same conclusion given 30 seconds in a quiet room, the Tribunale Ordinario di Roma has now ruled that an IP address alone does not identify an infringer. According to a Punto Informatico report, on this basis the court kicked out a complaint against an individual accused of copyright infringement.
The District Attorney and judge said that the mere ownership of a connection from where an infringement took place is not sufficient to establish the identity of an infringer or liability of a defendant, especially since other people could have committed the alleged infringement.
In the UK right now, as many as 5,000 or more Internet bill payers are receiving letters through their doors from lawyers ACS:Law claiming that their Internet connection has been used to commit copyright infringement. TorrentFreak is in contact with many letter recipients and we are convinced that many people are being wrongfully accused for a multitude of reasons. Interestingly ACS:Law say that they do not necessarily claim that the bill payer committed the infringement, yet they still make threats and demand settlements for around £600 from that very individual.
They do this because they do not know and cannot prove who carried out the infringement, and simply hope that the bill payer feels responsible for what has happened and pays the settlement.
If it wasn’t clear before to some, it should be pretty clear now. As far as evidence goes, an IP address alone does not identify an infringer, merely a connection, and in the absence of additional evidence – such as that collected following an examination of the alleged infringer’s PC – it means little on its own.
Thank you Italy for your common sense.
Previously: Court Orders P2P News Site To Dishonor Convicted Pirates
Next: Virgin to Disconnect Stubborn Pirates, For a Few Minutes
60 Responses
Good.
I hope they don’t start examining our PCs… :o That would be a major invasion of privacy. Especially if you are innocent.
Now if only English lawyers would realise this.
very good
although that may be the end of /j’ing tracker irc servers.
@2 – if such a thing ever happened – encrypt your hard drive, or at least the folders you don’t want anyone to see. you can’t be forced to unencrypt it (in the US you can “take the fifth” and refuse to do so on the grounds it may incriminate you – yes, a kind of admission of guilt, but inadmissible in court) and since this is real life and not a Dan Brown novel, it’s very unlikely they can brute force it.
I have spoken.
@4 – Prepare to be jailed for decades when you refuse to comply with the court order to surrender a password.
The better course of action is to create a hidden volume using truecrypt and place an amount of legal files in the outer volume. When ordered to supply the password to the encrypted file volume, you supply the password that unlocks the outer volume.
@4 – or just delete cuch files with Guthmann method or something like that before the examination.
@4 you can be forced to hand ovr encryption keys in the UK.
If you encrypt in the UK using PGP/GPG keys, it is a legal requirement that when asked by relevant authorities the decryption must key be handed over, otherwise a custodial sentence is enforced. This even applies if you accidently loose the key.
cool story bro :)
Does anybody know what the ruling was against Mininova, the judge was supposed to make a decision today!
“If you encrypt in the UK using PGP/GPG keys, it is a legal requirement that… ”
As suggested above, try TrueCrypt (free) and have two encrypted “partitions” (for lack of a better word) with one partition holding super-secret-how-to-takeover-the-world documents… or p2p files, and the other photos of your ugly ass family reunion… or even other peoples ugly ass family reunions,baby pictures,bbq pics, aunt Sally’s mole etc and when forced to give up the password *dont* give them the p2p/secret docs partition but the other nasty one!
Back on topic:
“IP Address Alone Insufficient To Identify Pirate, Court Rules”
If only this was the case in the US as well, Jammie Thomas case nor Tennenbaum’s would have reached this ridiculous stage.. oh! and bye bye RIAA. Then again, this is MAFIAA home ground with buddy politicians.. shame really.
about time,
I share an internet connection with 3 house mates, the bill is in my name, why should i have to police them….
Common sense prevails!!
Heh after black line of news like France HADOPI, Pirate Bay verdict and others it is not better news time. HADPI overthrown for some time, EU rules out that 3 strikes is too much, Pirate Parties gather momentum and more established parties start to take digital age youth more seriously.
Fortunately the wireless defence works perfectly in the UK as you have no obligation to secure your connection. Your ISP agreement may wish you take reasonable steps, but they aren’t get to enforce it at the expense of a customer.
Sort of like if I steal your car to rob a bank or your gun to kill someone? How can the owner be liable? It’s when idiots admit to infringement is when they are liable. In extreme cases, child porn, the FBI can seize computers based on IP address and when they find the kiddie porn, then they, the owner of whatever computer was seized, can be held liable.
This certainly good news being a computer sineits and understanding the full osi networking layers it has baffled me for a long time how any reason minded person can take this trash for evidence.
If that were the case then I can spoof any packet and send it to logistep and then that person must be guilty of copy right infringement (if you subscribe to the isocracy of imaginary property that is). So let put that in real world scenario I know you address so at a crime scene I place a letter with your name on it, then with out further investigation the police knock on your door, and arrested you and charge with a crime based on the ever dense that they found a plant by me a letter with your name on it. Sound Luda cress to you, its nothing of the same that the snake oil lies that logi step forge.
Well done Rome you’ve done your self’s proud a another win for the good and a more misfortune for the evil retarded distribution business.
Store your data on an external hard drive
Steganographic file system, cryptography, duress password, tcp/ip steganography and etc.
you gotta love those expressions LoL
http://ieeexplore.ieee.org/Xplore/login.jsp?url=http%3A%2F%2Fieeexplore.ieee.org%2Fiel5%2F4148615%2F4148616%2F04148725.pdf%3Farnumber%3D4148725&authDecision=-203
lol what a coinscidence! i just got truecrypt and am encryipting my new 500 gb seagate. Something must be going on with encryption today. Even twitter’s catching up! & by the way i heard that the pirate bay’s judge was not biassed? http://snipr.com/jsgx0
http://stegoshare.sourceforge.net/
One of these days I’ll be bothered enough to put everything in Truecrypt…. might put 1 music file that I own on the outer volume. Going over all that over ONE song, which I own? Guess it’s time to face the music, YOU CANNOT WIN!
:3
@ 12
It’s on 15th July
In belgium, you are not obligated to help with your own investigation such as giving passwords. It’s same as your house: they need a court order to be allowed to get in.
If you encrypt your folders with truecrypt, they won’t be able to get in.
Internet cafes? public access points?
Lol it’s so easy to get onto wifi anyway. Most are unsecured, and wep can be cracked so easily (5 minutes max).
WPA even can be cracked.
Hell all sky routers have default wpa keys and there is a generator out there on the internet.
Even if I get kicked off the internet, i’m taking the whole neighbourhood with me
That is great. I was hoping for some thing like this. Now I only have to get rid of the hardrive or have the entire hardrive encrypted.
Not only can you not determine “who” an IP Address represents, you can’t imply copyright infringement. There is no way to know whether or not the user owns the downloaded content already.
It always pissed me off when Comcast sent my buddy threatening letters about downloading illegal content. He was downloading episodes of Rescue Me, of which he owned the entire box set, to keep his DVDs in pristine condition.
Here’s a question nobody answered for me. Suppose an IP links to one person and that person only (let’s say it does for the sake of argument). How can anyone prove in court a song was downloaded or made available by that IP? Even if they come up with an mp3 file as evidence, they have to prove that file came from the person’s computer. There’s nothing in that file that says it used to sit on Joe’s hard drive.
They could bring in Joe’s hard drive.
What if it’s formatted by then?
You’ve already stated that the IP links to one person and one person only. If a file was “shared” from that computer in full (which can be recorded from publicly accessible information on the tracker) then that computer has shared the file.
To view it from another side, if I connect to a tracker, pull your information as the only seed, and download the entire file from you, then you had the file at one point.
@ #7 and #9:
What if you’ve lost the encryption key?
If I had it on a USB-stick, and my dog chewed it to bits (no pun intended), then it’s gone, there’s no way to decrypt.
If you can be sentenced for that, it’s another example of ‘guilty until proven innocent’.
Yes, you can do that or you can claim to have done that. My point is, how can you prove to a third party that the file you present is a file you have downloaded from that computer? You can show logs of the connection to that IP, but how do I know the file you come up with is not just copied from your own hdd?
@taffer
You can checksum the file. Every torrent has enough meta-data about the files being shared, which is how your client is able to ensure that the file you downloaded is the file that was shared. This is also how you are able to resume downloads, download various parts of the file from various sources, and also seed a file you downloaded elsewhere. This system of checksums ensures that anyone connecting to the tracker via a particular torrent is sharing the EXACT same file.
By providing the logs of downloading the file from an IP and the checksum of the file, you have proven that the file originated from the source IP and contains the exact same data.
Thank you, rickatnight11.
@Anonymous: you can’t be sent to jail, in the USA, for refusal to turn over an encryption password/passkey – it’s classified under self incrimination, i.e the 5th Amendment. The only open legal question relating to passkeys is whether border agents can demand a machine be decrypted before allowing a citizen back into the country – that issue is in front of several appelate courts.
The UK “anti-encryption” law is a horse of a different color – through the UK doesn’t have a 5th Amendment (but they do have a queen).
Fausty | http://www.cultureghost.org
Anyone saying that in the US you can take the fifth and avoid incriminating yourself is wrong, it was tested in court in march of this year and the guy was ordered to decrypt the drive.
Here is one reference to it:
http://www.theregister.co.uk/2009/03/03/encryption_password_ruling/
Oh and the UK side of things really, really blows, you are legally obliged to provide keys to decrypt encrypted data, failure to do so gains you 2years of jail time…. So anyone with a really good reason to encrypt stuff is just going to take the 2years and laugh… o_O
There is no need to secure ones hard drive, this is a civil case with dl/acs there is no way they can get access to ones hard drive
If you own a gun and do your absolute best to lock it up and keep it safe from others, and if someone decides they want access to the gun, gets their hands on it and commits a crime with it; you are not guilty of any crime.
But in the eyes of the RIAA/MPAA, you’re supposed to be GUILTY without any proof whatsoever.
Uhm, did I miss something? Isn’t an IP adress a way of identifying a computer? Provided you can link that IP adress to certain connections/downloads, what more evidence could you possibly expect to prove beyond a doubt that someone is a pirate?
The IP address should at very least warrant credentials for a warrant. (ya I said it) The warrant should include search and seizure of computers found at said location of IP address in question. If copyrighted material is found on that computer, the owner is, in fact, responsible. No matter who actually hit the download button.
H-O-T Dating Networking Site __S e e k B i C o m___ helps you find your ideal lover
@neostyles an IP, on internet, identify a ROUTER, and differents computers can connect to internet throug this (especially if the router has wifi)
What I dont understand is how the authorities can get involved in a civil investigation. How can the RIAA tell the local police to seize your property on such a flimsy basis?
@ 46 reasoned neostyles
“Uhm, did I miss something?”
Boy, I’ll say you have…
“Isn’t an IP adress a way of identifying a computer?”
Perhaps “a computer,” though not necessarily the end user…
“Provided you can link that IP adress to certain connections/downloads, what more evidence could you possibly expect to prove beyond a doubt that someone is a pirate?”
You’re (purposely?) missing the entire point … what evidence exists regarding the actual user? What if Lars Ulrich breaks into my house while I’m in church … and he decides to download some steamy transsexual porn? Just because he’s playing with my computer (among other things) while I’m busy praising Jesus, you can’t hold ME responsible for his actions. Amen!
Italy wins over France. Problem is that there should be common law within the EU. Also, this will just lead to new lobby for a law that explicitly does make the customer, to whom the IP address belongs, responsible – no matter who actually dun it!
There is also a possibility someone downloaded data on your computer through a trojan.
But if someone wants to stay stealthy on the net he can always use IP filters and anonymous proxy’s to avoid being identified. In that case it would take a lot of resources to get to the guy.
To judge a person with only an IP-adress as evidence i wrong.
Often there are several persons using the same connection.
Here’s an example.
“a man gets hit by a car, when he lies on the ground, badly injured, he manage to write down the number on the cars license plate. Then he can hold the owner of this car responsible for the accident, and sue him or report him to the police. But now the police will investigate WHO drove the car, not just hold the owner responsible”
see where i’m going?, You just see the internet as the car, and there a is big chance that it maybe wasn’t the owner who drove!, maybe it was the owners spouse or son? or maybe the car was stolen just a few minutes before the accident!
That you can be held responsible for a crime just because it was commited through a cable you pay for i rediculous!
This shitty outlook on “law” just proves that the whole system is gettin manipulated by the industri!
i sickens my!
I own a small Hotel with free Wi fi, I have no control over my guests nor keep any records
I have a a good 3 TB of material downloaded via bittorrent.
I am in the UK right now and I have never recieved a complaint letter (touching wood).
But all this is making me PARANOID!!!
I’ve taken to using a Canadian proxy for my BT usage and a UK proxy for my surfing.
Being a Christian woman my surfing is really innocent – no porn (obviously), nothing very political and certanly no terrorist related size. Torrents are my only vice.
However the Big Brother blanket that is slowly but surely circling in on us. Corporate interests and government spooks want nothing more than your full internet history.
Who knows where it will end?
What about future employers or someone you fell out wity buying a profile of your internet usage…?
Spam, government warnings and other threats raining over you until you can’t take it anymore….
Thank goodness I am Swedish and will have the Pirate Party representing my fears in Brussels! Go PP!!!
How are they going to prove that you weren’t hacked or that somebody didn’t use your wireless — if you DENY IT?
@ 51
Don’t give them any ideas, particularly not any ideas that would work.
The thought of police knocking down your door because a torrent was downloaded from somebody using your IP address is scary.
ENCRYPT,ENCRYPT,ENCRYPT!
Check out http://www.entertane.com for a new meta-search engine – faster, simpler – access to all your favorite torrent searches
@28, yes we can win you can loose if you choose
above supposed to go to #23 sorry
“somebody using your IP address is scary.”
Exactly its pretty trivial for someone (who knows what they’re doing) to use the average persons computer to download and store “stuff” on a hidden partition.
And ,once in, these same people can erase there hacking tracks and use any legit software that has access to the net, and most do for “updates”, to send info back and forth
21 references to this post
Responses are closed
All remaining responses will continue to be archived. Use the TorrentFreak forums if you want to discuss something.