Re: RIAA timestamps off

[Jordan Wiens <numatrix () UFL EDU>]

We have had multiple cases where students contested the claim and
flow-analysis backed up that they were not participating in the P2P
traffic identified in the complaint.  Not a high percentage, mind
you, but some.

Unfortunately, verifying complaints through flow analysis is time-
consuming and tedious.  So our two options are:

1) Verify each complaint, requiring much more work by the security
team, in cases where the complaint /doesn't/ line up based on flow-
data, do we expand our search to try to find and correct the time-
stamp on the complaint?
2) Waste the student and judicial affairs time by rounding up
everybody and sending them through the process, hoping the innocent
ones actually contest it and then we can exonerate them.

This is not ideal.

--
Jordan Wiens, CISSP
UF Network Security Engineer
(352)392-2061


On Sep 30, 2007, at 9:31 AM, Ken Connelly wrote:

> I will echo Rick's sentiments and experiences.  I, too, have been
> dealing with these since day one.  We have never had a student
> dispute the copyright infringement complaint other than a case or
> two where the student registered another's computer for them.  In
> those cases, we redirected the complaint to the true owner and had
> no further dispute.
>
> - ken
>
> Rick Coloccia wrote:
> > We got 14 these past two weeks.  Very frustrating, since we use a
> > packet shaper and an Audible Magic box to minimize this kind of
> > traffic.  (All 14 were for encrypted protocols...) In every single
> > case, the student admits, "Yes I use limewire/ares/etc" and "Yes I
> > have that song" so while the timestamps may well be off we don't
> > think that's a significant issue with regard to these takedown
> > notices.  Our students admit to the file sharing (but most claim
> > they don't know that the same program that lets them get the song
> > re-shares it to the world), they get their stern warning, and life
> > goes on.  I realize that there are technical differences between
> > "making available" and someone "actually downloading" the song via
> > a p2p program, but with my students the difference isn't truly
> > significant.  We bring students in, teach them the highlights of
> > the dmca, insist they uninstall any p2p software, explain how the
> > takedown notice affects them as a Geneseo student (If we receive a
> > second takedown notice on their behalf, they'll meet the Dean of
> > Students who will likely start a process that can only end in
> > suspension or expulsion) and send them on their way.  It works for
> > us.
> > I'm not taking the side of the riaa, just sharing my experiences
> > having done this for years now, since the very first one...
> >
> > -Rick
> >
> > Valdis Kletnieks wrote:
> > > On Sat, 29 Sep 2007 06:50:42 EDT, David Taylor said:
> > >
> > > > I'm wondering if they are just going by the name of the file
> > > > without even
> > > > verifying the contents of the file.
> > >
> > > One has to wonder if this isn't a Beavis-and-Butthead routine,
> > > where one
> > > group hired by the RIAA to seed file sharing networks with bogus
> > > and corrupt
> > > versions of files has managed to plonk a suspiciously named file
> > > onto
> > > somebody's hard drive, and then the *other* group hired by the
> > > RIAA to find
> > > violators has found said file...
> > >
> > > It would fit in with the level of forensic rigor we've seen in
> > > the past...