I am concerned by the recent landmark case by "Dallas Buyers Club" where details of iiNet customers who allegedly downloaded their movie will be disclosed.
There has been a lot of discussion in the media about the case, but I haven't seen any that look into the issue with any level of detail. From their perspective, it is an open and shut case. That is, once the names and address are handed over the game is up. I don't think it is, but before I can draw any conclusions, I need to explain how the technology works.
Whenever someone downloads via bit-torrent, they need a '.torrent' file that describes the files for download. The bit-torrent client software understands this file and obtains a list of IP addresses that are seeders and peers. A seeder is a computer that is able to send you part of the download (in this case, the movie file you think is Dallas Buyers Club). A peer is a computer wanting to download part of the file.
You can see how this technology is far from clandestine: each computer needs to know the entire list of other computers' IP addresses so it can either send or receive part of the download. Movie companies can pretend to be a downloader and watch all the IPs that connect. In this case they grouped together the 5000 odd IPs that iiNet own and put forward a case to find out the identities.
IP addresses are, by themselves, not that helpful in identifying someone. They are allocated to companies in 'blocks' - and the large ISPs have 100's of 1000's of addresses. You can determine who 'owns' your IP address (go to www.whatismyip.com for example). Lawyers representing Dallas Buyers Club did precisely that, using the seeders and peers IP addresses.
In the past, iiNet argued they shouldn't have to divulge this information and they protected their clients. Now that the courts are forcing them to comply, how do they link an IP with customer information?
ISPs like iiNet charge customers on usage - e.g. number of Megabytes per month. To measure usage, they need to map IP addresses to usernames/accounts. This is the mechanism that lawyers can get names and addresses.
IP Address (1.2.3.4) ---> iiNet ---> Your Account
Whenever you log in, ISPs like iiNet assign your broadband connection an IP. Sometimes it's always the same (called static) and other times, it's from a pool of available remaining IPs (called dynamic). This means that your connection has an IP address, not your computer.
If you are like most households, you have more than one device that connects to the internet. You only have one IP address though. This is the first issue - iiNet cannot tell what specific computer did the download. This is the equal of charging the head of the household for a murder just because it was at their house - based on no more information.
The second, less spoken about issue, is iiNet cannot tell the exact location of where the connection was. Most iiNet customers could use one-another's account by changing their username and password. The IP is assigned to the account, not the location. This is a massive leap of faith - just because a gun you own is registered to your address, doesn't mean any crime committed with it was at your house.
The third issue is most home routers have Wifi so their phones can connect without being plugged in. This means people could, without permission, connect and use your internet connection. Are you liable for someone breaking into your house, taking your knife and committing a crime with it?
In conclusion, while this landmark case is disappointing, I cannot see why anyone would pay up. The onus is on accuser- I realise it's a civil, not criminal, case so the bar is lower, but yet there are that many holes in the approach it's hard to imagine it making any difference. They would need to seize computers and find the files to be able to do that. You can subvert this by encrypting your hard-drive (ensuring your computer is off when they seize it) or destroying the hard-drive before the seizure.
I am not advocating for piracy, but I am of pointing out the flaws in the technical approach of drawing a conclusion of guilt based on an IP address. I am also not a lawyer- take these comments like you would of someone pretending to know what they are talking about.
I find this article well written and interesting to read. I have never heard such a comparison like IPs and smoking guns. The true is that each user is seen by her IP and this may cause some concerns as for me. It's not a secret that some businesses prefer data room providers to private local networks because of cyber security.
ReplyDeleteWhen anyone logs on to the Internet, the IP address of the computer is relayed over the domain. hide your IP address
ReplyDeleteI think this is an informative post and it is very useful and knowledgeable. therefore, I would like to thank you for the efforts you have made in writing this article. https://192-168-i-i.com
ReplyDeleteDuring the night of 9 December, such a party of daring soldiers had snuck out and managed to sneak up Lombards Hill. https://www.optics1.se
ReplyDeleteSo despite what is in front of you, don't be deterred. It can be done. Thousands of smokers stop smoking cigarettes daily. You can be one of them. With effective quit smoking tips, the right support structure and stop smoking aids, you will be able to conquer this thing.vape zone dubai
ReplyDeleteI found so many interesting stuff in your blog especially its discussion. From the tons of comments on your articles, I guess I am not the only one having all the enjoyment here! keep up the good work... percolator bongs
ReplyDeleteOthers would prefer not to confront the conceivably unendurable withdrawal side effects that regularly go with an abrupt restraint from smoking. like this
ReplyDelete