Comments on: Defendant knocks Web illiterate juror in RIAA case

Comments made by one of the jurors who found Jammie Thomas guilty of file sharing admits to never having been on the Internet.

[rafederico]

"If that's the law, then the law's an ass" said Dickens

Remember, this was NOT a criminal case, it was a civil case for money damages. Congress defined the trigger for liability as "making available" songs for download, and also defined the dollar penalty range. The RIAA obviously had a lot of lobbying clout with Congress to get this dickensian law passed. Regrettably, the jury bought into it, and imposed liability 1000's of times higher than actual damages. How many millions has the RIAA already collected through 1000's of these abusive lawsuits?--new revenue source?

[reidtodd]

And Marion Jones didn't use steroids either

Don't believe she was spoofed and don't believe she didn't make song availible. It's a shame she got busted but if your gonna do a crime then be ready to do the time or pay the fine. The fine is way too high. $1000 bucks would probably keep her from P2P networking.

[AckU2]

It's impossible to Spoof a download!!!

Although the penalty was completely unfair and doesn't fit the crime, I wouldn't base my defense on IP Spoofing. I think she's been watching too many movies. The spoofing that she claims took place isn't even possible nowadays. In order to download a file, you need to receive responses from the Host. If you spoof an address, the host sends the address back to the Spoofed address and NOT the supposed hacker. The only way her address could have been spoofed is if somebody hacked her computer and took complete control of it. That's very possible, but if that was really the case, she should have taken her computer to an expert and had him testify in court that her computer was full of Trojans and back doors. Putting an expert on the stand to explain IP Spoofing would only hurt her defense. She's screwed; should have settled out of court.

[madjack74]

You can spoof anything

All you need is control of the routing table on a router upstream from the computer you intend to spoof and in the routing path to your destination. Granted these routers are normally pretty hard to break.

[rubicante]

What about unsecured wireless?

If someone was living off her wireless... of course that wouldn't really be spoofing per say, and arguing her liability in this case would be pointless, b/c I'm just being hypothetical.

[perlstar]

Re: IT'S IMPOSSIBLE

Lemme guess: you're a steelworker, right? Is your wife an internet guru?

[jasonm1848]

5 min is all i'd have needed.

granted spoofing an ip address is trivial, however be serious, lets reflect: one, who goes through the effort of spoofing to score a few tunes?...no one because free open proxy servers exist, all the sudden that ip log showes some crazy address in UAE is sharing nsync. two. as dude mentioned you cant spoof for a download without control of the host box. upload. simple. download and it will just go to the real machine. the riaa's case was loose at best, but her defense was useless. she did it, she knows it. but they have no proof sharing took place just the it was an option. its like being sued because you left your cd on you coffee table where anyone may have taken it. i would have dismissed the case. but we all know she did it.

[modley]

Actually it is possible

It is technically possible to spoof an IP. However I doubt in this case that happened.
What I do know is that you cannot hold someone responsible for file sharing based on IP alone.
Not to mention it shouldn't even be illegal to share files of any kind on purpose or accidentally. It should be illegal to download (Steal) those files. If I were to leave a CD for instance in my front yard completely unprotected. And someone walks into my yard and steals it then where did I commit a crime? True it may be stupid for me to leave it there. But I don't see how I'm responsible. If you browse a file sharing network say "Limewire" you will see people that have their entire C: drive shared. Ive found medical history, taxes and etc. Some people are just stupid and share things on accident. Should they be prosecuted if something turns out to be copyrighted? If you do say that they are responsible then how do you defend that someone did not connect to their wireless access point and share the files. That would show their IP. When it wasn't even their PC. Or there is a trojan on their PC. What you've never heard of a trojan on a PC. Do you ever wonder why they put those on PCs? TO TAKE CONTROL OF YOUR PC AND USE IT FOR ILLEGAL ACTIVITY! So it cant be traced back to them. They did say they were having PC problems and replaced the hard drive.

There is just too many possible ways this could have happened.
Trojan, IP spoofing, wireless access point connection and etc. It is technically possible it was not her. Honestly though I think it was her
(or one of her kids
). But just the possibility that it wasn't should be enough to let her go. The RIAA should have to show more evidence. A finger print if you will. They should have to get a search warrant and confiscate the PC and have an independant party check to see if the PC is in fact sharing the files. Its outrageous that they didn't have to do this. How would you like to be prosecuted for something based entirely on what a private company says?

It's like convicting someone for mailing a death threat just because the return address is theirs. It just has too many holes.

[rapier1]

technically

it would be very difficult to do this with a spoofed ip address. a hijacked address? sure, thats easy. spoofed? sort of not the way spoofing works. Spoofing is essentially one way communications - the packets go out but the ACKs never come back. It was, at one point, possible to have a TCP connection with a spoofed IP but since they changed how sequence numbers are instantiated its nearly impossible (thank Mitnick for that).

Also, with source route filtering much more common than it used to be spoofing is much more restrictive than it used to be.

[dave4dl]

Think about the implications of what you advocate

You are saying that it is up to the downloader to verify that what they are downloading is not copyrighted material. If this becomes the law it will be up to YOU to verify that every single link you click on in every web page/email you view does not contain copyrighted material. If you want to worry that you might be clicking on a link to a copyrighted picture (hosted by someone not authorized by the copyright holder) each time you press that mouse button then keep advocating your position.

[brass2themax]

IP Spoofing - Possible, not likely

No one would go through the hassle to spoof her IP address to download a few songs when they could use a free proxy. It's so much faster, and so much more likely.

Hiding behind this defense is not only stupid, but it's only a "possibility". It doesn't mean anyone actually did spoof her address, she's only saying "if someone wanted to, they could." But would they? Probably not.

[Penguinisto]

Heya! What's your home IP addy?

We can then see if you still feel it to be a stupid defense after the RIAA comes knocking on your door...

(hint: all it takes is a quick troll through some poorly-set up PHPBB boards to get username and IP addy).

/P

[bgrigg]

IP spoofing actually easy to do

Besides the technical ability to spoof IP addresses actually being possible, there is NO PROOF that the songs she uploaded were DOWNLOADED. She was charged with making the songs "available for downloading". Using that logic I'm making my car available for stealing, and my house available for breaking and entering.

You use the argument of reasonable doubt, which is why she should have been acquitted.

[jawaidbazyar]

IP address cannot be spoofed in two-way communication

The only time spoofing an IP in a packet works is if you have a one-way packet and neither need nor expect a response.

If you have a "conversation" with an IP address, for example, "hi, are you kazaa?" "yes" "what files do you have?" "I have these files: xx, yy, zz" then spoofing is impossible.

That's because the way IP routing works on the Internet. It would take a very sophisticated intruder with access to manipulate the global routing tables of multiple companies, in order to pull it off. In other words, highly unlikely.

The jury is right. The woman got caught with her hand in the cookie jar, and chooses to lie about it.

[Hola07]

comment to the spoof

spoof vi. To capture, alter, and retransmit a communication stream in a way that misleads the recipient.

A PROXY server could essentially do the same thing according to the definition from dict.org.

I would have to disagree with jawaidbazyar. There are many ways of disguising your identity.
Example:

Goto ?http://www.guardster.com/subscription/proxy_free.php? and type www.whatismyip.com? in the address bar. Does it look like your source IP? Probably not.

Even if the source IP is source from her ISP, how does that prove she committed the offence?
Is it possible that a downloaded rogue software application was installed without her knowledge?

I see applications that proxy requests causing problems like smtp relays issue of many years ago.

[joyluck1987]

WOW!

Way to be guilty of a crime and get others to pay for it! Anyone who donates money for this lady to pay her legal fees and the fine are fools!!

[rdunn]

(Record)ing on the wall... going independent

Here's a Fox news excerpt of what the RIAA's future will be like...
---------------------------------------
(by Roger Friedman)
... "The buzz Thursday is that Madonna will leave the moribund Warner Music Group after she releases her last album with them in the spring. Then she, like Paul McCartney, the Eagles, Joni Mitchell, James Taylor and Carly Simon, will abandon the conventional record business."

... "This week, Radiohead also left the record biz, preferring to offer their new album for direct download on the Internet."

..."Do the record labels not get what is happening? Their house of cards is collapsing."

"WMG?s inability to keep Madonna sends a signal to Wall Street..."
..."They are now a catalog company with a few front-list releases and even fewer employees left to promote or distribute them."

[QuentinCromwell]

only 9k

I'm waiting for her to bankrupt out of the judgement, I don't want the RIAA to get a single dime of the money.

[RangerMatt]

But how can they prove _legally_ that she did it?

I understand the issues people all have with spoofing, but here's another take on it. Assume the following: I'm a student at a university living in the dorms. I have a roommate who has full access to my room. During a weekend that I'm in the library studying, the roommate decides to use my computer to allow his friends to download copyrighted material on my computer. When the logs are checked, all you'll see is that that port was used to download it. You won't know if it was me, him, or any of the other ten or twenty people that had access at that time. Therefore, IMHO, you cannot say that I did it, and therefore, I can't be held responsible. Am I wrong here? It seems like this could be carried along to this case as well, to wit, the household computer is accessed by not just her, but her family. Therefore, prove you got the right person in the household. Unfortunatly, there are no non-repudiated credentials on Kazaa.

/*Standard Disclaimers: consult legal counsel before trying this in a court, individual results may vary, if you notice a rash or discomfort, discontinue use of my advice. <g> */

[rapier1]

Preponderance of evidence

This is not a criminal case but a civil case. In a civil case the
burden is that the preponderance of proof must indicate the
defendant did what the claimant said. It doesn't have to be 100%
proof. It doesn't even have to be 95% or 90% likely (think beyond
a reasonable doubt) but just more likely than not that the
evidence indicates the person was in the wrong.

In this situation the most likley scenario is that the woman did
that the RIAA said she did.

[David_Tower]

When it's your pc...

It seems like this could be carried along to this case as well, to wit, the household computer is accessed by not just her, but her family.

The files were traced to her computer. The files were liked to a nickname or password she has used many times elsewhere on the net. The files reflect her own tastes in music. If she wants to sell this "defense" to the jury she has to point the finger at someone else and make it convincing. Saying "The dog ate my homework" doesn't cut it here.

[bluefire31]

What is she thinking?

This lady is obviously lying when she said she never downloaded illegal files. The idea that her IP address was spoofed is not really possible. I'm sure she just read about it online somewhere or had her lawyer mention something about it to her. All of the evidence points to her plain and simple. She is guilty but the fine is still way more than it should be. She's just not the brightest crayon in the box that's all. Could have been smarter when she used peer to peer networks.

[The_Decider]

Clueless

The suit was not about her downloading files.

Try to understand before commenting.

[amack0001]

She could have won her case...

Her credibility has been tainted throwing up these last minute excuses. Her case is over. I support her, however, if she was going to try and prove a reasonable doubt she should have been much more prepared. It would have been fairly trivial to supply a reasonable doubt in this case but it was her that wasn't technically savvy. Any smart file sharer creates a wireless network without a WEP/WPA key so others could possibility log on separately. Use an older computer to download it then transfer it to your regular computer that is completely separate from the wireless portion of the network altogether to protect your information from intruders. In other words split your network in two so objects between the two networks cannot interact with each other. That creates the doubt because there is no physical limits to accessing the network to the internet. Then you can throw hacker terms at the court like IP spoof, MAC address spoof, zombie machine takeovers, etc.

Also, who in their right mind uses KaZaa today? The Fed has been all over Kazaa for years. Move on to something safer. Had it been torrents she downloaded it would have been a completely different situation. It's like borrowing one brick from 10,000 people and making your own house. Much harder to prove in court.

File sharing will always be a risk, you need to prepare yourself for the worse properly so you can defend yourself!!!

[bluefire31]

I Agree

You're right. She should have known the potential consequences before downloading files. Just because she got caught because she's not careful doesn't mean we should feel sorry for her. She's and guilty and her defense is too weak and not even really possible or realistic.

[anonymous1977]

More comments

Amack0001:

First, where was the money going to come from to pay for the experts to testify or to be "more prepared" as you state it?

Second, another poster on another similar story says:
"I work in the security industry and it is trivial to infect a computer so that I remotely can intercept what the user sees and types, making it easy to get her username for various web sites and such.

It's also easy then to remotely install a P2P file sharing program so that the user never sees it. I could then populate the hidden music folders by downloading from other p2p sites, and share the downloaded files back to the network. I could also remotely copy the music files from the hijacked computer to my system without exposing my IP address or running P2P software.

In other words, I can make it look just like Jammie had downloaded and was sharing the music, with her being completely unaware of my use of her computer.

Additionally, since remote exploits by hackers are often unstable and can overwrite critical parts of the hard drive, it would explain why she had to have the hard drive replaced."

Explain again why this isn't possible?

[housemansam]

Its not as simple as "reasonable doubt"

Jammie Thomas was sued in civil court, which means that the Plaintiff in the case is only required to prove that she (Thomas) was liable using a "preponderance of the evidence." Preponderance means simply that it is more likely than not that she did the things necessary to induce liablity. This is not a high standard - something like 50%+1, and therefore, she would have to establish much more than "reasonable doubt" to overcome the liablity issue. Reasonable doubt is a criminal not civil law standard; tantamount to being 99% sure - a much higher standard for sure.

But by the looks of things, she could probably get an appellate court to overturn the judgement against her or at least lower the amount based on the fact that the juror indicated that him and his fellow jurors were trying to send a message, which is tantamount to an award of punitive damages, via an award of actual damages. Jury misconduct, if I'm not mistaken. Nevertheless, I'm not real sure that she will have another shot at another trial - you typically only get one shot at that.

Any attorneys out there? Please let me know if I'm mistaken.

[dewittdale]

Where's the Artists

Simple Balance of Forces. Name the artists whom are being offended and see if they mind the exposure to a rallying ideal.

[bgrigg]

Where are they?

Let's also find out if they actually receive any of the money!

[amack0001]

Reply!

First, where was the money going to come from to pay for the experts to testify or to be "more prepared" as you state it?

She should have been prepared for the consequence of her actions first and for most. If you want to steal something you should be prepared to face the consequences. If your not prepared and not face the facts then you are just ignorant. By the way, I am sure many IT professionals would come to her aid for no money at all.

Your other comment make no sense whatsoever, I never claimed that any of that cannot happen. I have taken numerous network security courses over my college career and continue to learn in my position of a network administrator. Of course that situation is clearly possible and trivial to do. I have emulated exploits like that numerous times in a lab environment. Anytime you have a Window's operating system with numerous ports being opened and closed you are open for attack. Open up port 25 for a while and see what happens.

Again, when did I say it's not possible? You clearly have no understanding on the concepts of network security as you are quoting someone else's post as a justification. The damaging piece of evidence was that she used her own email address to identify her Kazaa client. You have to think in the mind of a hacker. That is the key to network security. Viruses are almost obsolete; spyware and adware have taken over. Why? It benefits the hacker to make money. Why would a hacker spoof her IP and create a fake username to KaZaa? A hacker would use anonymous access so he/she can continue to download music without her knowing. Plus any hacker with any brains at all would just Bit Torrent to pull in the big stuff (software, movies, etc). Yeah, a hacker is going to do his research and take the time to create his zombie machine to share 20+ MP3 songs. Makes perfect sense to me.

I do agree that the combined evidence is conclusive, but I also claim that each piece of that evidence was still circumstantial. She said to herself... man I got caught... um yea I was spoofed! Not my fault! She isn't Rosa Parks... she is just a woman that downloaded music and got caught.

[AckU2]

Yeah Right

If you emulated the same supposed spoof in a lab environment then you are obviously the world's greatest hacker because you'd be able to control every single computer in the world. You'd literally be the world's most powerful person. You'd be able to download whatever you wanted to absolutely anyone's computer.

TCP packets have a 32-bit(4 bytes) random number that must be verified for the spoof to work. That's simple if you had one packet, but you're talking about an average file size of about 3 MB, which amounts to sending over 4^2100. Not only that, there were over 20 songs, so now you're talking more like 4^42,000 packets that you'd have to send which is absolutely impossible unless they started spoofing her address about 1000 years ago. The chances of getting just the first two packets right are about one in 4 million. And on top of that, her computer would have to be vulnerable to accept rogue data. Mind of a hacker??? Seriously... Go get your feet wet at Defcon.

[The_Decider]

Port 25?

Do you even know what a port is?

It is a number used by the OS so it knows what app gets what data from the network.

I will write a little server and bind it to port 25 on windows, and nothing bad will happen.

Why? Because 16 bit integers are not dangerous.

[sanenazok]

day late

and a few dollars short.

Her arguments belong in front of a jury at trial, not afterwards. Even more so, she and her lawyer should have picked out clueless jurors before trial.

Now it's a little late.

[AckU2]

Right On!

Exactly! At least someone makes sense on here.

Poor girl just picked the wrong defense.

[AckU2]

Maybe...

Very hard to break indeed, but yeah, that's not quite spoofing and it'd be fairly easy to track. But of course, if you did manage to get into one of these, I'm sure you'd be smart enough to cover your tracks. She surely would have called her ISP wondering why she couldn't do anything on the Net. Somebody that skilled in hacking would have much better things to do with their time, so the scenario is highly doubtful. If they're that good, they should hack into the RIAA's network.

[mectron]

Hum.. 5 minutes...

This is about the time it took the jury to grab the big money bag handed over by the RIAA.

Who need another proof that this clearly criminal cartel need to be shutdown right away!

[TJ Spyke]

Bitter woman

This woman is just bitter because she broke the law and got caught. She was illegally sharing music online, and the RIAA caught her. She should have known better, and now she is gonna be reminded this as she spends years paying back the money.

[mectron]

Curious?

How can someone still sleep at nithg? knowing they support the most dangerous internation criminal organisation in the world? (here a hint: RIAA). Peoples all arround the world should make all their music available at once to show that united we can stand agains such obvious illegal organistion. No mather is this women is guilty or not, the RIAA as no PROOFS of any legal value again her and the proof the criminal RIAA got, they got them illegally by breach of pricacy, home invation, computer hacking etc...

The day the RIAA will be shutdown forever is the day artists and consumers will win all over the world.

The RIAA serve NO LEGAL purpose of any kind.