Re: 23,000 IP addresses

[David Conrad]

On May 12, 2011, at 8:59 AM, Robert Bonomi wrote:
>> I wonder  does IANA frequently receive legal papers  demanding the
>> name and street address of the customer at  127.0.0.1  ?  :)
> 
> I know people, well at least one,  that have sent spam complaints to IANA 
> claiming junk mail originated from that address. 

I don't recall receiving legal papers for 127.0.0.1, but do recall several 
demands from law enforcement agencies (and long ago, when I was at APNIC, the 
US Secret Service) for customer information for RFC 1918 space.

Regards,
-drc

Re: 23,000 IP addresses

[Robert Bonomi]

> From nanog-bounces+bonomi=mail.r-bonomi@nanog.org  Thu May 12 11:04:15 
> 2011
> Date: Wed, 11 May 2011 19:33:21 -0500
> Subject: Re: 23,000 IP addresses
> From: Jimmy Hess 
> To: Michael Holstein 
> Cc: NANOG list 
>
> On Wed, May 11, 2011 at 7:48 AM, Michael Holstein
>
> I wonder  does IANA frequently receive legal papers  demanding the
> name and street address of the customer at  127.0.0.1  ?  :)
>

I know people, well at least one,  that have sent spam complaints to IANA 
claiming junk mail originated from that address. 

Yes, *really*.

And, it was "true".  The 'cron' daemon was sending him e-mails he didn't
want.

Re: 23,000 IP addresses

[Jimmy Hess]

On Wed, May 11, 2011 at 7:48 AM, Michael Holstein
 wrote:

> I have the netflow records to prove this is NOT the case. All
> MediaSentry (et.al.) do is scrape the tracker. We have also received a
> number of takedown notices that have numbers transposed, involve parts
Seems really prone to failure.

I wonder  does IANA frequently receive legal papers  demanding the
name and street address of the customer at  127.0.0.1  ?  :)

--
-JH

Re: 23,000 IP addresses

[Christopher Morrow]

On Wed, May 11, 2011 at 2:26 PM, Joel Jaeggli  wrote:
> On 5/11/11 8:26 AM, Christopher Morrow wrote:
>> On Wed, May 11, 2011 at 11:16 AM, William Allen Simpson
>>  wrote:
>>
 Courts like precedent. I choose Facebook's precedent. Seems reasonable to
 me.

>>> That's also roughly in line with Nextel and others for CALEA.
>>
>> Hrm, I had thought that CALEA specifically removed the ability of the
>> Provider to charge for the 'service'? Though there is always the case
>> where the Provider can say: "Yes, this doesn't fall into the CALEA
>> relevant requests, we can do this for you though it will cost
>> time/materials to do, here's our schedule..."
>>
>> or that's the stance a previous employer was taking... (at the
>> direction of their lawyer-catzen)
>
> A civil subpeona is not a calea request. This thread has done a fair bit
> of intermingling of the two things to the detriment of it's utility.

yes, sorry... I got confused by william's interjection of calea...

> While I'm sure facebook is served with plenty of valid search warrants,
> I'm reasonably  unsure that they meet the definition of
> telecommunications carrier.
>
> there's some discussion in the light of recent hearings, here:
>
> http://paranoia.dubfire.net/2011/02/deconstructing-calea-hearing.html

there's been a push (or was a while ago) to change the calea
requirements such that 'service provider' was the application service
provider as well. AOL IM, Facebook, Google-Search... etc. with
calea-like exfil of relevant data in 'near realtime' and 'at no cost
to LEA'.

-chris

Re: 23,000 IP addresses

[Joel Jaeggli]

On 5/11/11 8:26 AM, Christopher Morrow wrote:
> On Wed, May 11, 2011 at 11:16 AM, William Allen Simpson
>  wrote:
> 
>>> Courts like precedent. I choose Facebook's precedent. Seems reasonable to
>>> me.
>>>
>> That's also roughly in line with Nextel and others for CALEA.
> 
> Hrm, I had thought that CALEA specifically removed the ability of the
> Provider to charge for the 'service'? Though there is always the case
> where the Provider can say: "Yes, this doesn't fall into the CALEA
> relevant requests, we can do this for you though it will cost
> time/materials to do, here's our schedule..."
> 
> or that's the stance a previous employer was taking... (at the
> direction of their lawyer-catzen)

A civil subpeona is not a calea request. This thread has done a fair bit
of intermingling of the two things to the detriment of it's utility.

While I'm sure facebook is served with plenty of valid search warrants,
I'm reasonably  unsure that they meet the definition of
telecommunications carrier.

there's some discussion in the light of recent hearings, here:

http://paranoia.dubfire.net/2011/02/deconstructing-calea-hearing.html

Re: 23,000 IP addresses

[Mark Radabaugh]

On 5/11/11 11:19 AM, Marshall Eubanks wrote:

On May 10, 2011, at 8:30 PM, Jimmy Hess wrote:


On Tue, May 10, 2011 at 8:54 AM, Mark Radabaugh  wrote:

On 5/10/11 9:07 AM, Marshall Eubanks wrote:
A good reason why every ISP should have a published civil subpoena
compliance fee.
23,000 * $150 each should only cost them $3.45M to get the information.
Seems like that would take the profit out pretty quickly.

+1.
But don't the fees actually have to be reasonable?
If you say your fee is  $150 per IP address,  I think they might bring
it to the judge
and claim the ISP is attempting to avoid subpoena compliance by charging an
unreasonable fee.

They can point to all the competitors charging $40 per IP.


I am not a lawyer, and you would be a fool to use NANOG for legal advice, but 
if I were to charge something for this, I would want
to be able to justify the charge in front of a judge, regardless of what anyone else 
charges. In other words, something like "we find it typically takes $ 100 to get the 
backups out of storage, 15 minutes @ $X per minute for a tech to find the right backup 
disk and 10 minutes at $Y per minute for a network engineer to review the dump."

Regards
Marshall


Don't forget to include your attorneys time to verify that the subpoena 
is actually legal.  That would add another $100 to the cost at a minimum.


We recently almost released information on a customer in an attempt to 
comply with what appeared to be a valid subpoena.  The subpoena was 
invalid and thankfully our attorney noticed it.   I fully expect the 
bill for the legal advice to be at least $100.00


Really the point though is to charge *some* fee for complying.  It 
doesn't really matter what the fee is.  The reason they sue 10,000 
defendants in one case is to avoid having to pay the $350 (or similar) 
fee to the court for each defendant.   If the ISP's don't charge for 
providing this information a copyright holder can file a civil suit, 
issue subpoena's based on the filing, and intimidate defendants with 
settlement offers before the case gets thrown out of court for 
improperly joining defendants.


http://houstonlawyer.wordpress.com/2011/03/18/over-1-internet-users-dismissed-from-copyright-infringement-lawsuit-in-a-slight-of-hand-letter-to-the-court/

Add any significant cost to the process of figuring out who the actual 
customers are and the profit motive goes out the window.


--
Mark Radabaugh
Amplex

m...@amplex.net  419.837.5015

Re: 23,000 IP addresses

[Christopher Morrow]

On Wed, May 11, 2011 at 11:16 AM, William Allen Simpson
 wrote:

>> Courts like precedent. I choose Facebook's precedent. Seems reasonable to
>> me.
>>
> That's also roughly in line with Nextel and others for CALEA.

Hrm, I had thought that CALEA specifically removed the ability of the
Provider to charge for the 'service'? Though there is always the case
where the Provider can say: "Yes, this doesn't fall into the CALEA
relevant requests, we can do this for you though it will cost
time/materials to do, here's our schedule..."

or that's the stance a previous employer was taking... (at the
direction of their lawyer-catzen)

Re: 23,000 IP addresses

[Marshall Eubanks]

On May 10, 2011, at 8:30 PM, Jimmy Hess wrote:

> On Tue, May 10, 2011 at 8:54 AM, Mark Radabaugh  wrote:
>> On 5/10/11 9:07 AM, Marshall Eubanks wrote:
>> A good reason why every ISP should have a published civil subpoena
>> compliance fee.
>> 23,000 * $150 each should only cost them $3.45M to get the information.
>> Seems like that would take the profit out pretty quickly.
> 
> +1.
> But don't the fees actually have to be reasonable?

> 
> If you say your fee is  $150 per IP address,  I think they might bring
> it to the judge
> and claim the ISP is attempting to avoid subpoena compliance by charging an
> unreasonable fee.
> 
> They can point to all the competitors charging $40 per IP.
> 

I am not a lawyer, and you would be a fool to use NANOG for legal advice, but 
if I were to charge something for this, I would want
to be able to justify the charge in front of a judge, regardless of what anyone 
else charges. In other words, something like "we find it typically takes $ 100 
to get the backups out of storage, 15 minutes @ $X per minute for a tech to 
find the right backup disk and 10 minutes at $Y per minute for a network 
engineer to review the dump." 

Regards
Marshall 



> This would be very interesting with IPv6 though,  and customers assigned /56s.
> 
> "You want all the records for every IP in this /56,  really?"
> 
> 
> --
> -JH
> 
> 

Re: 23,000 IP addresses

[William Allen Simpson]

On 5/10/11 10:35 PM, Mark Radabaugh wrote:

Facebook charges $150.00 (not a great link but 
http://lawyerist.com/subpoena-facebook-information/


Sorry, that's old and incorrect.



Finding that on facebook's site is difficult. Other sites have Facebook 
charging $250 to $500 for civil subpoena fees.


http://www.facebook.com/help/?faq=17159

... you must personally serve a valid California or Federal subpoena on
Facebook. Out-of-state civil subpoenas must be domesticated in California.

...

Facebook charges a mandatory fee of $500.00 per user account. Please
enclose payment with your properly served subpoenas. A custodian
declaration will be included with the return of materials, if any.
Notarized declarations carry an additional $100.00 fee.

http://www.facebook.com/help/?faq=17160

Facebook requires a minimum of 30 days to process a civil subpoena.
Additional time may be required depending on various factors. You may
request your subpoena be expedited by submitting an additional $200.00 fee
with your subpoena.



Courts like precedent. I choose Facebook's precedent. Seems reasonable to me.


That's also roughly in line with Nextel and others for CALEA.

Re: 23,000 IP addresses

[Michael Holstein]

> ("it's one in a billion to crack it! beyond a
> reasonable doubt! we dont have anyone anywhere in our IT who could possibly
> crack it!") 

A billion iterations takes what fraction of a second using a high-end
multi-card gamer rig and CUDA? (or for the cheap/lazy, a S3/Tesla instance).

Even for brute-force, although WPA2 is salted with the SSID, 95% of the
time it's still "Linksys". Rainbow tables for the ~140 most common SSIDs
are already available.

I once used GPS and a wifi analyizer to show a map of how large the
possible "cloud" around a standard WRT54G and 2nd floor installation of
the accused's router really was. To make it dumb enough, I used the
pringle's cantenna (literally) instead of a commercial antenna.

The "CSI effect" works when the defense does it too. Juries love to hear
techie stuff these days, it's just that the defense usually can't afford
it. If a sizable community of technical folks were to pro-bono as expert
witnesses, the "presumption of innocence" would return pretty fast.

Cheers,

Michael Holstein
Cleveland State University

Re: 23,000 IP addresses

[Christopher Morrow]

On Wed, May 11, 2011 at 8:48 AM, Michael Holstein
 wrote:
>
>>> I wonder how things go if you challenge them in court.  This is surely a
>>> topic for another list, but it seems to me it'd be fairly difficult to
>>> prove unless they downloaded part of the movie from your IP and verified
>>> that what they got really was a part of the movie.
>
> I have the netflow records to prove this is NOT the case. All
> MediaSentry (et.al.) do is scrape the tracker. We have also received a
> number of takedown notices that have numbers transposed, involve parts
> of our netblock that were not in use at the time in question, etc.

this is exactly the same situation I outlined previously...
darknet/tcdump can't be a bittorrent user.

> I would think that whole "penalty of perjury" thing would have some
> weight behind it.

apparently not :( (I'd say something about lobbyists et.al, but...)

-chris

Re: 23,000 IP addresses

[Ken Chase]

On Wed, May 11, 2011 at 09:56:56AM +0800, Ong Beng Hui said:

> while, I am not a lawyer, so what after they know who is using that  
> broadband connection for that IP. So, they have identified the 80yr old,  
> what next ? and what if i have a free-for-all wireless router in my  
> house which anyone can tap on, which i regularly switch off during  
> nighttime for energy saving reason. :)

Simple. Just make having clue on configuring your wifi AP a legal requirement. 
:)

Sides, since WPA is cracked now too, to some extent, i dont think most APs
have any sort of guaranteed protection. Hell, it's better to leave it wide
open, as having the prosecution accuse you of child porn because you used a
hard-but-crackable WPA2 ("it's one in a billion to crack it! beyond a
reasonable doubt! we dont have anyone anywhere in our IT who could possibly
crack it!") instead of WEP or wide open seems like a greater pitfall.

What about projects like http://NoCat.net - will they be made illegal? That's 
going
to be an awesome can of worms.

/kc
-- 
Ken Chase - k...@heavycomputing.ca skype:kenchase23 +1 416 897 6284 Toronto 
Canada
Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front 
St. W.

Re: 23,000 IP addresses

[Michael Holstein]

>> I wonder how things go if you challenge them in court.  This is surely a
>> topic for another list, but it seems to me it'd be fairly difficult to
>> prove unless they downloaded part of the movie from your IP and verified
>> that what they got really was a part of the movie. 

I have the netflow records to prove this is NOT the case. All
MediaSentry (et.al.) do is scrape the tracker. We have also received a
number of takedown notices that have numbers transposed, involve parts
of our netblock that were not in use at the time in question, etc.

I would think that whole "penalty of perjury" thing would have some
weight behind it.

Stanford (in)famously managed to get DMCA notices for all the printers
on campus, just by faking a client into putting the printer's IP into
the tracker as a seed.

Cheers,

Michael Holstein
Cleveland State University

Re: 23,000 IP addresses

[Roland Perry]

In article <5f713bd4b694ac42a8bb61aa6001a...@mail.dessus.com>, Keith 
Medcalf  writes

Article 5 - Categories of data to be retained
1. Member States shall ensure that the following categories of data are
retained under this Directive:
(a) data necessary to trace and identify the source of a communication:
(...) the name and address of the subscriber or registered user to whom an
Internet Protocol (IP) address, user ID or telephone number was allocated at
the time of the communication;


The real problem is in the stupid wording.  The IP Address is not allocated to a 
"subscriber" or "registered user".  It is handed out for use
on an authorized circuit.  That circuit is being paid for by someone.  There is no nexus between a 
"circuit number" and a "subscriber" or
"user" (or there should not be -- and there only is if YOU CHOOSE TO CREATE 
SUCH).


While there's an argument that the circuit number doesn't identify the 
user, it most certainly identifies the Subscriber, who is the person who 
has the legal contract for supply of the circuit.



If network operators behaved rationally, the proper response to any request to 
divulge information related to an IP address would be limited to
the Account Number which was paying for the circuit on which the IP Address was 
allocated WITH NO IDENTIFICATION OF ANY INDIVIDUAL WHATSOEVER.


So you'd give out the bank/credit card number, but not the name? The 
legislation above asks for the name and address, and in many 
jurisdictions revealing the credit card number or bank account number 
would be regarded as *more* intrusive, not less.

--
Roland Perry

RE: 23,000 IP addresses

[Keith Medcalf]

Luis Marta wrote on 2011-05-10:


> In the EU you have Directive 2006/24/EC: http://eur-
> lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:0063:EN:PDF

> Article 6 - Periods of retention
> Member States shall ensure that the categories of data specified in Article
> 5 are retained for periods of not less than six months and not more than two
> years from the date of the communication.

> Article 5 - Categories of data to be retained
> 1. Member States shall ensure that the following categories of data are
> retained under this Directive:
> (a) data necessary to trace and identify the source of a communication:
> (...) the name and address of the subscriber or registered user to whom an
> Internet Protocol (IP) address, user ID or telephone number was allocated at
> the time of the communication;

The real problem is in the stupid wording.  The IP Address is not allocated to 
a "subscriber" or "registered user".  It is handed out for use on an authorized 
circuit.  That circuit is being paid for by someone.  There is no nexus between 
a "circuit number" and a "subscriber" or "user" (or there should not be -- and 
there only is if YOU CHOOSE TO CREATE SUCH).  If network operators behaved 
rationally, the proper response to any request to divulge information related 
to an IP address would be limited to the Account Number which was paying for 
the circuit on which the IP Address was allocated WITH NO IDENTIFICATION OF ANY 
INDIVIDUAL WHATSOEVER.

The entire problem is being created by Network Operators who are making up 
answers that they cannot prove are true, and causing grief to their customers.

Eventually some customer will decide to challenge the Network Operator to prove 
their allegations of misfeasance.  The result will be that the Network 
Operators will lose, and lose big time.  After all, it is the Network Operators 
who are the accusers -- not the media mafia.

> Each member state creates its own law, according to the directive. In
> Portugal, you have to retain the data for one year.
>
> Best Regards,
> Luís Marta.

--- Keith Medcalf
()  ascii ribbon campaign against html e-mail
/\  www.asciiribbon.org

Re: 23,000 IP addresses

[Mark Radabaugh]

On 5/10/11 8:30 PM, Jimmy Hess wrote:

On Tue, May 10, 2011 at 8:54 AM, Mark Radabaugh  wrote:

On 5/10/11 9:07 AM, Marshall Eubanks wrote:
A good reason why every ISP should have a published civil subpoena
compliance fee.
23,000 * $150 each should only cost them $3.45M to get the information.
Seems like that would take the profit out pretty quickly.

+1.
But don't the fees actually have to be reasonable?

Facebook charges $150.00  (not a great link but 
http://lawyerist.com/subpoena-facebook-information/


Finding that on facebook's site is difficult.  Other sites have Facebook 
charging $250 to $500 for civil subpoena fees.


Courts like precedent.  I choose Facebook's precedent.  Seems reasonable 
to me.


Mark

Re: 23,000 IP addresses

[Steven Bellovin]

On May 10, 2011, at 9:53 16PM, Michael Painter wrote:

> Deepak Jain wrote:
>> For examples, see the RIAA's attempts and more recently the criminal 
>> investigations of child porn downloads from unsecured access
>> points. From what I understand (or wildly guess) is that ISPs with remote 
>> diagnostic capabilities are being asked if their
>> provided access point is secure or unsecure BEFORE they serve their warrants 
>> to avoid further embarrassments. [It'll probably
>> take another 6 months and more goofs before they realize that customers are 
>> perfectly capable of poorly installing their own
>> access points behind ISP provided gear].
> 
> Exactly...what about those who choose WEP/WPA-TKIP for their 'secured' access 
> point?
> I can just imagine being in front of a judge/jury after having been arrested 
> for, as you say, "child porn downloads " and listening to my law^H^H^H public 
> defender explain the mechanisms of how the access point was 'cracked' and may 
> have been used by someone sitting in their car down the street. 
> 
> 
It's happened -- here are two cases I know of:
http://news.cnet.com/Wi-Fi-arrest-highlights-security-dangers/2100-1039_3-5112000.html
http://news.nationalpost.com/2010/05/27/ontario-man-accused-of-downloading-child-porn-because-of-free-wifi-connection/


--Steve Bellovin, https://www.cs.columbia.edu/~smb

Re: 23,000 IP addresses

[Ong Beng Hui]

Hi，

I am not an US citizen and I don't live in US. But I am interested to 
know how the case progress, because we have similar such cases in my 
country. :P


But seriously, are they after the end-user or making the ISP responsible 
for their end-user ?


while, I am not a lawyer, so what after they know who is using that 
broadband connection for that IP. So, they have identified the 80yr old, 
what next ? and what if i have a free-for-all wireless router in my 
house which anyone can tap on, which i regularly switch off during 
nighttime for energy saving reason. :)


On 5/11/11 1:28 AM, Deepak Jain wrote:

A Federal Judge has decided to let the "U.S. Copyright Group" subpoena
ISPs over 23,000 alleged downloads of some
Sylvester Stallone movie I have never heard of; subpoenas are expected
to go out this week.

I thought that there might be some interest in the list of these
addresses :

http://www.wired.com/images_blogs/threatlevel/2011/05/expendibleipaddre
sses.pdf

This will stop when a 80+ yr old is taken to court over a download her 8 year 
old grandkid might have made when visiting for the weekend. The media will make 
the case that technologists can't.

For examples, see the RIAA's attempts and more recently the criminal 
investigations of child porn downloads from unsecured access points. From what 
I understand (or wildly guess) is that ISPs with remote diagnostic capabilities 
are being asked if their provided access point is secure or unsecure BEFORE 
they serve their warrants to avoid further embarrassments. [It'll probably take 
another 6 months and more goofs before they realize that customers are 
perfectly capable of poorly installing their own access points behind ISP 
provided gear].

The torrent stuff is fundamentally no different in that a single IP can and is 
shared by lots of people as common practice and the transient nature of it 
(e.g. airport access point, starbucks, etc) reasonably makes the lawyer's case 
much, much harder.

There is a real theft/crime here in many cases, but whether there is actually 
any value in prosecution of movie downloads will depend... but most likely, the 
outcome will be iMovies or similar and the movie industry will shrink the way 
the music industry has.

DJ

Re: 23,000 IP addresses

[Michael Painter]

Deepak Jain wrote:
For examples, see the RIAA's attempts and more recently the criminal investigations of child porn downloads from 
unsecured access
points. From what I understand (or wildly guess) is that ISPs with remote diagnostic capabilities are being asked if 
their
provided access point is secure or unsecure BEFORE they serve their warrants to avoid further embarrassments. [It'll 
probably
take another 6 months and more goofs before they realize that customers are perfectly capable of poorly installing their 
own

access points behind ISP provided gear].


Exactly...what about those who choose WEP/WPA-TKIP for their 'secured' access 
point?
I can just imagine being in front of a judge/jury after having been arrested for, as you say, "child porn downloads " and 
listening to my law^H^H^H public defender explain the mechanisms of how the access point was 'cracked' and may have been 
used by someone sitting in their car down the street. 

Re: 23,000 IP addresses

[Jimmy Hess]

On Tue, May 10, 2011 at 8:54 AM, Mark Radabaugh  wrote:
> On 5/10/11 9:07 AM, Marshall Eubanks wrote:
> A good reason why every ISP should have a published civil subpoena
> compliance fee.
> 23,000 * $150 each should only cost them $3.45M to get the information.
> Seems like that would take the profit out pretty quickly.

+1.
But don't the fees actually have to be reasonable?

If you say your fee is  $150 per IP address,  I think they might bring
it to the judge
and claim the ISP is attempting to avoid subpoena compliance by charging an
unreasonable fee.

They can point to all the competitors charging $40 per IP.

This would be very interesting with IPv6 though,  and customers assigned /56s.

"You want all the records for every IP in this /56,  really?"


--
-JH

Re: 23,000 IP addresses

[Daniel Staal]

--As of May 10, 2011 9:37:55 AM -0400, Jon Lewis is alleged to have said:


I wonder how things go if you challenge them in court.  This is surely a
topic for another list, but it seems to me it'd be fairly difficult to
prove unless they downloaded part of the movie from your IP and verified
that what they got really was a part of the movie.  If they're going
after any IP that connected to and downloaded from an agent of the studio
(and that's what it sounds like) who hosted the file, can they really
expect to prosecute people for downloading something they were giving
away?


--As for the rest, it is mine.

Typically the response (from what media coverage I've read) is that they'll 
put up a token defense to see if you are really interested, and then drop 
it at the first opportunity if you continue.  Keeping them in court once 
they have dropped the prosecution is tricky, and they will resist that with 
all available resources.


Actually paying court costs and spending billable time on these cuts into 
their business model.


Daniel T. Staal

---
This email copyright the author.  Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes.  This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---

Re: 23,000 IP addresses

[Bill Bogstad]

On Tue, May 10, 2011 at 4:31 PM, Steven Bellovin  wrote:

>>
>>
> If I've found the right case, it was 05-1404, and published as 451 F.3d 226 
> (2006);
> see http://law.justia.com/cases/federal/appellate-courts/F3/451/226/627290/
> I have no idea if it's still good law.

According to EDUCAUSE the appellate decision was complex:

http://www.educause.edu/Policy+Analysis+%26+Advocacy/PressReleases/CALEACourtDecisionMixedforHigh/17136

This status page indicates that 'most' campus networks would be exempt:

http://www.educause.edu/Resources/Browse/CALEA/30781

Definitely a case of 'talk to your lawyers' to be sure.

Bill Bogstad
bogs...@pobox.com

Re: 23,000 IP addresses

[Steven Bellovin]

On May 10, 2011, at 3:51 32PM, Michael Holstein wrote:

> 
>> In the US, I believe that CALEA requires you to have those records for 7 
>> years.
>> 
> 
> No, it doesn't (records *of the requests* are required, but no
> obligation to create subscriber records exists).
> 
> Even if it did .. academic institutions are exempt (to CALEA) as private
> networks.*
> 
> There are various legislative attempts afoot to create one here in the
> US .. but none have passed.
> 
> Regards,
> 
> Michael Holstein
> Information Security Administrator
> Cleveland State Unviersity
> 
> (*): US Court of Appeals, District of Columbia, 50-1504.
> 
> 
If I've found the right case, it was 05-1404, and published as 451 F.3d 226 
(2006);
see http://law.justia.com/cases/federal/appellate-courts/F3/451/226/627290/
I have no idea if it's still good law.
> 


--Steve Bellovin, https://www.cs.columbia.edu/~smb

Re: 23,000 IP addresses

[Kevin Oberman]

> Date: Tue, 10 May 2011 15:51:32 -0400
> From: Michael Holstein 
> 
> 
> > In the US, I believe that CALEA requires you to have those records for 7 
> > years.
> >   
> 
> No, it doesn't (records *of the requests* are required, but no
> obligation to create subscriber records exists).
> 
> Even if it did .. academic institutions are exempt (to CALEA) as private
> networks.*
> 
> There are various legislative attempts afoot to create one here in the
> US .. but none have passed.

There is a great deal of uncertainty about the issue of academic
institutions being exempt. I know tha that the opinion of the
University of California's Counsel was that the wording in the last
CALEA update a few years ago removed that exemption and a representative
of the FBI, speaking on CALEA requirements, was explicit in saying that
they were not exempt. (Of course, that would be the FBI's position.)

In any case, get your own legal opinion about this. Don't rely on NANOG
for legal advice.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: ober...@es.net  Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751

Re: 23,000 IP addresses

[Claudio Lapidus]

Hello,

On Tue, May 10, 2011 at 4:02 PM, Owen DeLong  wrote:

>  In the US, I believe that CALEA requires you to have those records for 7
> years.
>
FWIW, in Argentina there is a requirement to hold all records for a full ten
years. A sweet bite for the storage folks here...

regards,
cl.

Re: 23,000 IP addresses

[Michael Holstein]

> In the US, I believe that CALEA requires you to have those records for 7 
> years.
>   

No, it doesn't (records *of the requests* are required, but no
obligation to create subscriber records exists).

Even if it did .. academic institutions are exempt (to CALEA) as private
networks.*

There are various legislative attempts afoot to create one here in the
US .. but none have passed.

Regards,

Michael Holstein
Information Security Administrator
Cleveland State Unviersity

(*): US Court of Appeals, District of Columbia, 50-1504.

Re: 23,000 IP addresses

[Justin M. Streiner]

On Tue, 10 May 2011, Owen DeLong wrote:

In the US, I believe that CALEA requires you to have those records for 
7 years.


Some universities have taken the position that they do not meet the 
criteria for being "communications service providers" under CALEA, and 
therefore not subject to the intercept and data retention requirements. 
Whether or not that has been tested in court yet, I don't 
know.


jms

Re: 23,000 IP addresses

[Kevin Oberman]

> From: Owen DeLong 
> Date: Tue, 10 May 2011 12:02:33 -0700
> 
> On May 10, 2011, at 11:49 AM, Michael Holstein wrote:
> 
> > 
> >> In the EU you have Directive 2006/24/EC:
> >> 
> > 
> > But I'm not, and neither are most of the ISPs in the linked document.
> > 
> > Regards,
> > 
> > Michael Holstein
> > Information Security Administrator
> > Cleveland State University
> 
> In the US, I believe that CALEA requires you to have those records for
> 7 years.

Owen,

Afraid not. As of this time there are no data retention requirements in
CALEA. There is a proposal to add data retention to CALEA this year, but
I can't even find anything indicating the legislation has been
introduced.

According to an article in the NY Times last fall, the FBI will be asking
for several new tools in CALEA that include data retention requirements,
requiring P2P software to allow intercept and requiring that providers
dong encryption (e.g. Blackberry) to provide the ability for the
government to decrypt the data. I don't know that legislation has
actually been introduced, though.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: ober...@es.net  Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751

Re: 23,000 IP addresses

[Steven Bellovin]

On May 10, 2011, at 3:02 33PM, Owen DeLong wrote:

> 
> On May 10, 2011, at 11:49 AM, Michael Holstein wrote:
> 
>> 
>>> In the EU you have Directive 2006/24/EC:
>>> 
>> 
>> But I'm not, and neither are most of the ISPs in the linked document.
>> 
>> Regards,
>> 
>> Michael Holstein
>> Information Security Administrator
>> Cleveland State University
> 
> In the US, I believe that CALEA requires you to have those records for 7 
> years.
> 
Source, please -- I've never heard of this, nor can I find anything like it
at askcalea.com.  All I've found is that you have to keep records of 
*interceptions*.  I've also seen numerous news stories about how the FBI
wants that to be added to the law, thus implying that it isn't there now.
See, for example, http://news.cnet.com/8301-13578_3-10448060-38.html


--Steve Bellovin, https://www.cs.columbia.edu/~smb

Re: 23,000 IP addresses

[Owen DeLong]

On May 10, 2011, at 11:49 AM, Michael Holstein wrote:

> 
>> In the EU you have Directive 2006/24/EC:
>> 
> 
> But I'm not, and neither are most of the ISPs in the linked document.
> 
> Regards,
> 
> Michael Holstein
> Information Security Administrator
> Cleveland State University

In the US, I believe that CALEA requires you to have those records for 7 years.

Owen

Re: 23,000 IP addresses

[Steven Bellovin]

On May 10, 2011, at 2:10 10PM, Wil Schultz wrote:

> On May 10, 2011, at 10:56 AM, Steven Bellovin wrote:
> 
>> 
>> On May 10, 2011, at 9:07 11AM, Marshall Eubanks wrote:
>> 
>> 
>> Has anyone converted that file to some useful format like ASCII?  You know
>> -- something greppable?
>> 
> 
> I've converted it to ascii, but I don't have a place to host it.
> 
> I can send to anyone that would like it.
> 

Thanks.  I've uploaded it as https://www.cs.columbia.edu/~smb/23000.txt.gz and
https://www.cs.columbia.edu/~smb/23000-clean.txt.gz ; the latter has page 
breaks,
headers, etc., stripped out; nothing but data.

--Steve Bellovin, https://www.cs.columbia.edu/~smb

Re: 23,000 IP addresses

[Wil Schultz]

On May 10, 2011, at 10:56 AM, Steven Bellovin wrote:

> 
> On May 10, 2011, at 9:07 11AM, Marshall Eubanks wrote:
> 
> 
> Has anyone converted that file to some useful format like ASCII?  You know
> -- something greppable?
> 

I've converted it to ascii, but I don't have a place to host it.

I can send to anyone that would like it.

-wil 

Re: 23,000 IP addresses

[Steven Bellovin]

On May 10, 2011, at 9:07 11AM, Marshall Eubanks wrote:

> A Federal Judge has decided to let the "U.S. Copyright Group" subpoena ISPs 
> over 23,000 alleged downloads of some
> Sylvester Stallone movie I have never heard of; subpoenas are expected to go 
> out this week. 
> 
> I thought that there might be some interest in the list of these addresses :
> 
> http://www.wired.com/images_blogs/threatlevel/2011/05/expendibleipaddresses.pdf
> 
> If you have IP addresses on this list, expect to receive papers shortly. 

Has anyone converted that file to some useful format like ASCII?  You know
-- something greppable?

> 
> Here is more of the backstory :
> 
> http://www.wired.com/threatlevel/2011/05/biggest-bittorrent-case/
> 
> This is turning into quite a legal racket (get order $ 3000 for sending a 
> threatening letter); I expect to see a lot
> more of this until some sense returns to the legal system. 
> 
There's amazing slime behind some similar efforts -- in another case,
of people charged with downloading "Nude Nuns with Big Guns" (yes, you
read that correctly), there are two different that each claim the rights
to the movie and hence the right to sue (alleged) downloaders:
http://www.wired.com/threatlevel/2011/05/nude-nuns-brouhaha/

--Steve Bellovin, https://www.cs.columbia.edu/~smb

RE: 23,000 IP addresses

[Deepak Jain]

> A Federal Judge has decided to let the "U.S. Copyright Group" subpoena
> ISPs over 23,000 alleged downloads of some
> Sylvester Stallone movie I have never heard of; subpoenas are expected
> to go out this week.
> 
> I thought that there might be some interest in the list of these
> addresses :
> 
> http://www.wired.com/images_blogs/threatlevel/2011/05/expendibleipaddre
> sses.pdf

This will stop when a 80+ yr old is taken to court over a download her 8 year 
old grandkid might have made when visiting for the weekend. The media will make 
the case that technologists can't.

For examples, see the RIAA's attempts and more recently the criminal 
investigations of child porn downloads from unsecured access points. From what 
I understand (or wildly guess) is that ISPs with remote diagnostic capabilities 
are being asked if their provided access point is secure or unsecure BEFORE 
they serve their warrants to avoid further embarrassments. [It'll probably take 
another 6 months and more goofs before they realize that customers are 
perfectly capable of poorly installing their own access points behind ISP 
provided gear].

The torrent stuff is fundamentally no different in that a single IP can and is 
shared by lots of people as common practice and the transient nature of it 
(e.g. airport access point, starbucks, etc) reasonably makes the lawyer's case 
much, much harder. 

There is a real theft/crime here in many cases, but whether there is actually 
any value in prosecution of movie downloads will depend... but most likely, the 
outcome will be iMovies or similar and the movie industry will shrink the way 
the music industry has.

DJ

Re: 23,000 IP addresses

[Roland Perry]

In article , Roland Perry  writes
>Attempts a bit like this have come unstuck in the UK. Search for
>"Davenport Lyons" and "ACS Law"

And this ruling (and fine) have appeared from the UK's privacy regulator
today (note especially that the fine would have been ~$300k if the
company was still trading):


-- 
Roland Perry

Re: 23,000 IP addresses

[Marshall Eubanks]

On May 10, 2011, at 10:08 AM, Roland Perry wrote:

> In article , chip 
>  writes
> 
>> Interesting, especially after this:
>> 
>> http://torrentfreak.com/ip-address-not-a-person-bittorrent-case-judge-says-110503/
> 
> It depends whether you are suing the subscriber or the downloader (maybe both 
> can be liable in some cases). Also whether the subscriber was running an open 
> Wifi (normally not recommended), which is a matter of evidential fact to be 
> explored in each particular case.
> 

And, perhaps most critically, which judge you come before. (It will take a 
while, and maybe a visit to the Supreme Court, before you can
expect legal consistency here.) 

Note also that these generally do not go to trial.

Regards
Marshall 


>> On Tue, May 10, 2011 at 9:07 AM, Marshall Eubanks  
>> wrote:
>>> A Federal Judge has decided to let the "U.S. Copyright Group" subpoena ISPs 
>>> over 23,000 alleged downloads of some
>>> Sylvester Stallone movie I have never heard of; subpoenas are expected to 
>>> go out this week.
>>> 
>>> I thought that there might be some interest in the list of these addresses :
>>> 
>>> http://www.wired.com/images_blogs/threatlevel/2011/05/expendibleipaddresses.pdf
>>> 
>>> If you have IP addresses on this list, expect to receive papers shortly.
>>> 
>>> Here is more of the backstory :
>>> 
>>> http://www.wired.com/threatlevel/2011/05/biggest-bittorrent-case/
>>> 
>>> This is turning into quite a legal racket (get order $ 3000 for sending a 
>>> threatening letter); I expect to see a lot
>>> more of this until some sense returns to the legal system.
> 
> Attempts a bit like this have come unstuck in the UK. Search for "Davenport 
> Lyons" and "ACS Law"
> -- 
> Roland Perry
> 
> 

Re: 23,000 IP addresses

[Christopher Morrow]

On Tue, May 10, 2011 at 10:37 AM, William Pitcock
 wrote:
> On Tue, 10 May 2011 10:22:03 -0400
> Christopher Morrow  wrote:
>> At least baytsp got theirs? (money I mean)
>>
>
> Do you have any links to evidence of this?  I would love to just be
> able to automatically throw BayTSP mails in the garbage, but I can't
> just blindly do it if there is any chance of them being legitimate.

sadly I do not have evidence anymore... I do know that the isp
essentially stopped replying to baytsp though. some form of monitoring
netflow on your network + matching baytsp requests against that
pattern would likely be enough I suspect (ask lawyer-cat of course)

-chris

Re: 23,000 IP addresses

[Michael Holstein]

> http://www.wired.com/images_blogs/threatlevel/2011/05/expendibleipaddresses.pdf
>   

The dates in the timestamps are back in February. We deleted those logs
"..in the regular course of business.."
a LONG TIME AGO.

If you didn't do that, you really ought to ask yourself why.

Regards,

Michael Holstein
Information Security Administrator
Cleveland State University

Re: 23,000 IP addresses

[William Pitcock]

On Tue, 10 May 2011 10:22:03 -0400
Christopher Morrow  wrote:

> On Tue, May 10, 2011 at 10:15 AM, Scott Brim 
> wrote:
> > On Tue, May 10, 2011 at 09:42, Leigh Porter
> >  wrote:
> >> So are they basing this on you downloading it or on making it
> >> available for others?
> >
> > Without knowing the details, I wouldn't assume any such level of
> > competence or integrity.  It could just be a broad witch hunt.
> 
> I know of a decent sized global ISP that ran (runs?) a large darknet
> that was the equivalent of a few /16's routed to a fbsd host running
> 'tcpdump' (a tad more complex, but essentially this). BayTSP (one of
> the 'make legal threats for the mpaa/riaa' firms) sent ~2k notes to
> the ISP about downloaders on these ips.
> 
> Looking at netflow data (sample 1:1 on that interface) they had
> portscanned (from ip space registered in their name) each address in
> the range and sent subpoena-material to all ips that they thought they
> got a response from.
> 
> At least baytsp got theirs? (money I mean)
> 

Do you have any links to evidence of this?  I would love to just be
able to automatically throw BayTSP mails in the garbage, but I can't
just blindly do it if there is any chance of them being legitimate.

William

Re: 23,000 IP addresses

[Christopher Morrow]

On Tue, May 10, 2011 at 10:15 AM, Scott Brim  wrote:
> On Tue, May 10, 2011 at 09:42, Leigh Porter
>  wrote:
>> So are they basing this on you downloading it or on making it available for 
>> others?
>
> Without knowing the details, I wouldn't assume any such level of
> competence or integrity.  It could just be a broad witch hunt.

I know of a decent sized global ISP that ran (runs?) a large darknet
that was the equivalent of a few /16's routed to a fbsd host running
'tcpdump' (a tad more complex, but essentially this). BayTSP (one of
the 'make legal threats for the mpaa/riaa' firms) sent ~2k notes to
the ISP about downloaders on these ips.

Looking at netflow data (sample 1:1 on that interface) they had
portscanned (from ip space registered in their name) each address in
the range and sent subpoena-material to all ips that they thought they
got a response from.

At least baytsp got theirs? (money I mean)

Re: 23,000 IP addresses

[Scott Brim]

On Tue, May 10, 2011 at 09:42, Leigh Porter
 wrote:
> So are they basing this on you downloading it or on making it available for 
> others?

Without knowing the details, I wouldn't assume any such level of
competence or integrity.  It could just be a broad witch hunt.

> Apologies for the top post...

Never apologize for top posting, it just starts the flame war all over again.

Re: 23,000 IP addresses

[Roland Perry]

In article , chip 
 writes



Interesting, especially after this:

http://torrentfreak.com/ip-address-not-a-person-bittorrent-case-judge-says-110503/


It depends whether you are suing the subscriber or the downloader (maybe 
both can be liable in some cases). Also whether the subscriber was 
running an open Wifi (normally not recommended), which is a matter of 
evidential fact to be explored in each particular case.



On Tue, May 10, 2011 at 9:07 AM, Marshall Eubanks  
wrote:

A Federal Judge has decided to let the "U.S. Copyright Group" subpoena ISPs 
over 23,000 alleged downloads of some
Sylvester Stallone movie I have never heard of; subpoenas are expected to go 
out this week.

I thought that there might be some interest in the list of these addresses :

http://www.wired.com/images_blogs/threatlevel/2011/05/expendibleipaddresses.pdf

If you have IP addresses on this list, expect to receive papers shortly.

Here is more of the backstory :

http://www.wired.com/threatlevel/2011/05/biggest-bittorrent-case/

This is turning into quite a legal racket (get order $ 3000 for sending a 
threatening letter); I expect to see a lot
more of this until some sense returns to the legal system.


Attempts a bit like this have come unstuck in the UK. Search for 
"Davenport Lyons" and "ACS Law"

--
Roland Perry

Re: 23,000 IP addresses

[Leigh Porter]

So are they basing this on you downloading it or on making it available for 
others?

Apologies for the top post...

-- 
Leigh Porter


On 10 May 2011, at 14:40, "Jon Lewis"  wrote:

> On Tue, 10 May 2011, Marshall Eubanks wrote:
> 
>> A Federal Judge has decided to let the "U.S. Copyright Group" subpoena ISPs 
>> over 23,000 alleged downloads of some
>> Sylvester Stallone movie I have never heard of; subpoenas are expected to go 
>> out this week.
>> 
>> I thought that there might be some interest in the list of these addresses :
>> 
>> http://www.wired.com/images_blogs/threatlevel/2011/05/expendibleipaddresses.pdf
> 
> It wasn't that good a movie, so I guess they need to squeeze every bit of $ 
> they can out of anyone who saw it.  I bought it a a Blockbuster liquidation 
> sale (having not seen it previously).
> 
>> http://www.wired.com/threatlevel/2011/05/biggest-bittorrent-case/
>> 
>> This is turning into quite a legal racket (get order $ 3000 for sending a 
>> threatening letter); I expect to see a lot
>> more of this until some sense returns to the legal system.
> 
> I wonder how things go if you challenge them in court.  This is surely a 
> topic for another list, but it seems to me it'd be fairly difficult to prove 
> unless they downloaded part of the movie from your IP and verified that what 
> they got really was a part of the movie.  If they're going after any IP that 
> connected to and downloaded from an agent of the studio (and thats what it 
> sounds like) who hosted the file, can they really expect to prosecute people 
> for downloading something they were giving away?
> 
> Wouldn't that be like the RIAA making bootleg copies of audio CDs, giving 
> them away, and then prosecuting anyone who accepted one?
> 
> --
> Jon Lewis, MCP :)   |  I route
> Senior Network Engineer |  therefore you are
> Atlantic Net|
> _ http://www.lewis.org/~jlewis/pgp for PGP public key_
> 
> 
> __
> This email has been scanned by the MessageLabs Email Security System.
> For more information please visit http://www.messagelabs.com/email 
> __

__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
__

RE: 23,000 IP addresses

[Baklarz, Ron]

Maybe they can use the Clinton marijuana-non-inhalation defense - I downloaded 
the movie but I didn't watch it!

Ron Baklarz CISSP, CISA, CISM, NSA-IAM/IEM
Chief Information Security Officer
National Passenger Railroad Corporation
10 G Street, NE  Office 6E606
Washington, DC 20002
bakl...@amtrak.com

-Original Message-
From: Jon Lewis [mailto:jle...@lewis.org]
Sent: Tuesday, May 10, 2011 9:38 AM
To: Marshall Eubanks
Cc: NANOG list
Subject: Re: 23,000 IP addresses

On Tue, 10 May 2011, Marshall Eubanks wrote:

> A Federal Judge has decided to let the "U.S. Copyright Group" subpoena ISPs 
> over 23,000 alleged downloads of some
> Sylvester Stallone movie I have never heard of; subpoenas are expected to go 
> out this week.
>
> I thought that there might be some interest in the list of these addresses :
>
> http://www.wired.com/images_blogs/threatlevel/2011/05/expendibleipaddresses.pdf

It wasn't that good a movie, so I guess they need to squeeze every bit of
$ they can out of anyone who saw it.  I bought it a a Blockbuster
liquidation sale (having not seen it previously).

> http://www.wired.com/threatlevel/2011/05/biggest-bittorrent-case/
>
> This is turning into quite a legal racket (get order $ 3000 for sending a 
> threatening letter); I expect to see a lot
> more of this until some sense returns to the legal system.

I wonder how things go if you challenge them in court.  This is surely a
topic for another list, but it seems to me it'd be fairly difficult to
prove unless they downloaded part of the movie from your IP and verified
that what they got really was a part of the movie.  If they're going after
any IP that connected to and downloaded from an agent of the studio (and
thats what it sounds like) who hosted the file, can they really expect to
prosecute people for downloading something they were giving away?

Wouldn't that be like the RIAA making bootleg copies of audio CDs, giving
them away, and then prosecuting anyone who accepted one?

--
  Jon Lewis, MCP :)   |  I route
  Senior Network Engineer |  therefore you are
  Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_

Re: 23,000 IP addresses

[Mark Radabaugh]

On 5/10/11 9:07 AM, Marshall Eubanks wrote:

A Federal Judge has decided to let the "U.S. Copyright Group" subpoena ISPs 
over 23,000 alleged downloads of some
Sylvester Stallone movie I have never heard of; subpoenas are expected to go 
out this week.

I thought that there might be some interest in the list of these addresses :

http://www.wired.com/images_blogs/threatlevel/2011/05/expendibleipaddresses.pdf

If you have IP addresses on this list, expect to receive papers shortly.

Here is more of the backstory :

http://www.wired.com/threatlevel/2011/05/biggest-bittorrent-case/

This is turning into quite a legal racket (get order $ 3000 for sending a 
threatening letter); I expect to see a lot
more of this until some sense returns to the legal system.

Regards
Marshall


A good reason why every ISP should have a published civil subpoena 
compliance fee.


23,000 * $150 each should only cost them $3.45M to get the information.

Seems like that would take the profit out pretty quickly.

--
Mark Radabaugh
Amplex

m...@amplex.net  419.837.5015

Re: 23,000 IP addresses

[Dale Carstensen]

>A Federal Judge has decided to let the "U.S. Copyright Group" subpoena
>ISPs over 23,000 alleged downloads of some Sylvester Stallone movie I have 
>never heard of [. . .]
>I thought that there might be some interest in the list of these addresses :
>http://www.wired.com/images_blogs/threatlevel/2011/05/expendibleipaddresses.pd
f
> [. . .]
>Marshall

There are only 34 unique ISP names, representing somewhat fewer ISPs
(4 or so have Comcast in the name, I think SBC, Bellsouth and AT&T are
all one, Frontier has a couple of names, etc.)  And they probably are
represented proportional to the number of customers they have, mostly
big cable, ILEC, cell carrier:

   5892 Comcast Cable
   3719 Road Runner
   2997 SBC Internet Services
   2331 Verizon Internet Services
   1293 BellSouth.net
   1010 Cox Communications
977 Charter Communications
681 Qwest Communications
656 Optimum Online
572 Windstream Communications
334 Clearwire Corporation
269 Sprint PCS
258 Frontier Communications of America
180 Suddenlink Communications
168 EarthLink
136 WideOpenWest
136 Comcast Business Communications
118 AT&T Services
111 Insight Communications Company
 98 Fairpoint Communications
 97 Frontier Communications
 92 RCN Corporation
 70 ALLTEL Corporation
 59 Bresnan Communications
 59 AT&T Global Network Services, LLC
 57 Wave Broadband
 55 Midcontinent Communications
 51 Atlantic Broadband
 48 Sprint
 21 HUGHES NETWORK SYSTEMS
 19 Road Runner Business
 14 Verizon Business
  3 Comcast Telecommunications
  2 Comcast - Houston

Re: 23,000 IP addresses

[Julien Gormotte]

On Tue, 10 May 2011 09:07:11 -0400, Marshall Eubanks wrote:

A Federal Judge has decided to let the "U.S. Copyright Group"
subpoena ISPs over 23,000 alleged downloads of some
Sylvester Stallone movie I have never heard of;


Good for you : it was one of the worst films I've ever seen. And I've 
seen Iron Man 2.



subpoenas are
expected to go out this week.

I thought that there might be some interest in the list of these 
addresses :



http://www.wired.com/images_blogs/threatlevel/2011/05/expendibleipaddresses.pdf


Mine is not. These are only US ISPs ?

If you have IP addresses on this list, expect to receive papers 
shortly.


Here is more of the backstory :

http://www.wired.com/threatlevel/2011/05/biggest-bittorrent-case/

This is turning into quite a legal racket (get order $ 3000 for
sending a threatening letter); I expect to see a lot
more of this until some sense returns to the legal system.


And these problems are spreading everywhere in the world.



Regards
Marshall

Re: 23,000 IP addresses

[Jon Lewis]

On Tue, 10 May 2011, Marshall Eubanks wrote:


A Federal Judge has decided to let the "U.S. Copyright Group" subpoena ISPs 
over 23,000 alleged downloads of some
Sylvester Stallone movie I have never heard of; subpoenas are expected to go 
out this week.

I thought that there might be some interest in the list of these addresses :

http://www.wired.com/images_blogs/threatlevel/2011/05/expendibleipaddresses.pdf


It wasn't that good a movie, so I guess they need to squeeze every bit of 
$ they can out of anyone who saw it.  I bought it a a Blockbuster 
liquidation sale (having not seen it previously).



http://www.wired.com/threatlevel/2011/05/biggest-bittorrent-case/

This is turning into quite a legal racket (get order $ 3000 for sending a 
threatening letter); I expect to see a lot
more of this until some sense returns to the legal system.


I wonder how things go if you challenge them in court.  This is surely a 
topic for another list, but it seems to me it'd be fairly difficult to 
prove unless they downloaded part of the movie from your IP and verified 
that what they got really was a part of the movie.  If they're going after 
any IP that connected to and downloaded from an agent of the studio (and 
thats what it sounds like) who hosted the file, can they really expect to 
prosecute people for downloading something they were giving away?


Wouldn't that be like the RIAA making bootleg copies of audio CDs, giving 
them away, and then prosecuting anyone who accepted one?


--
 Jon Lewis, MCP :)   |  I route
 Senior Network Engineer |  therefore you are
 Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_

Re: 23,000 IP addresses

[chip]

Interesting, especially after this:

http://torrentfreak.com/ip-address-not-a-person-bittorrent-case-judge-says-110503/



On Tue, May 10, 2011 at 9:07 AM, Marshall Eubanks  
wrote:
> A Federal Judge has decided to let the "U.S. Copyright Group" subpoena ISPs 
> over 23,000 alleged downloads of some
> Sylvester Stallone movie I have never heard of; subpoenas are expected to go 
> out this week.
>
> I thought that there might be some interest in the list of these addresses :
>
> http://www.wired.com/images_blogs/threatlevel/2011/05/expendibleipaddresses.pdf
>
> If you have IP addresses on this list, expect to receive papers shortly.
>
> Here is more of the backstory :
>
> http://www.wired.com/threatlevel/2011/05/biggest-bittorrent-case/
>
> This is turning into quite a legal racket (get order $ 3000 for sending a 
> threatening letter); I expect to see a lot
> more of this until some sense returns to the legal system.
>
> Regards
> Marshall
>
>
>



-- 
Just my $.02, your mileage may vary,  batteries not included, etc