Feeds:
Posts
Comments

Off the cuff, this is a post about PGP (a.k.a., “pretty good privacy”) and encryption.

When I was in college in the 1990’s, encryption was the easiest thing to set up. We’d download some freeware, set up a few encryption keys, upload the keys to the MIT servers, and send around “how are you, aren’t we cool because we’re using encryption” e-mails to friends and family. Little did we know those keys would be permanently there years later, and most of us lost our keys over the years, and forgot to set expiration dates on our keys (so my old college keys are still available somewhere on the net).

After a phone call today, I realized that after so many years, I have not used PGP, and I did not have a PGP key handy to encrypt an e-mail and its contents. “No problem,” I thought, I’ll just go online, grab the free software from Symantec, and I’ll set up a key and forward the documents. NO GO.

Symantec purchased the rights to the PGP software from Phil Zimmerman, and they TOOK AWAY the ability for individuals to set up PGP encryption on their machines (unless they purchase an elaborate suite of programs for $$$$). And, even if I wanted to purchase the software, they have made it next to impossible to acquire it using a few clicks, a credit card, and a website checkout.

Honestly, I have nothing wrong with companies selling premium features on top of their free software, but ENCRYPTION SOFTWARE SHOULD BE FREE!!! In order to have a free society where individuals can speak and express themselves freely without need to censor themselves in fear of a snooping government, encryption is needed! Because Symantec took away the ability for individuals to use PGP, in my opinion, this in my book is considered unethical and “mean” business practice. Shame on you, Symantec.

[ON A SIDE NOTE: I want to point out that in college Phil Zimmerman was my hero. Now on his “Where to get PGP” website, he states that he doesn’t care that PGP is no longer free, as long as Symantec kept the source code available to the public. Phil Zimmerman, for the reason that you have made it so that companies can make it difficult for users to access and use encryption, now almost twenty years later, you are no longer my hero.]

Since PGP has become monetized and corporatized for corporate profit and control, for those of you who want (and should) set up encryption, there is still a way. GnuPG (part of the OpenPGP Alliance) has made encryption available to Windows PC users using their GPG4win software. Essentially, the software appears to have originally been written for the Linux operating systems, but it has been ported for those of us that are still shackled to a Windows PC operating system.

 

HOW TO OBTAIN AND SET UP PGP SOFTWARE IN ORDER TO ENCRYPT AND DECRYPT YOUR MESSAGES AND FILES:

STEP 1: DOWNLOAD THE SOFTWARE.

The link to download the latest version of GPG4win is here:
https://www.gpg4win.org/download.html

STEP 2: CREATE A SET OF KEYS.

– For those of you more techy, the keys they set up are 2,048 bit keys, which are the standard for today’s encryption. However, technology does advance quickly, and if you are anything like me, you’ll want to use the 4,096 bit keys (which is more encryption than you’ll ever need, but why skimp on privacy when such a key is available?)

So if you want this stronger key, when the software asks you if you want to create keys, say “no,” click “File, New Certificate,” and click on the advanced settings. There, you will be able to 1) choose the heightened security 4,096 keys, along with 2) the ability to SET AN EXPIRATION DATE FOR YOUR KEYS.

STEP 3: SET AN EXPIRATION DATE FOR YOUR KEYS!!!!!

NOTE: All of us have set up keys, and have lost them due to computer malfunction, hard drive crash, or just losing the secret key files. ***IF YOU DO NOT SET AN EXPIRATION DATE ON YOUR KEYS, THEY WILL BE ON THE MIT SERVER FOREVER!!!*** And, you will be unable to delete the keys later on. So please! Set an expiration date on your keys. I set mine for 12/31/2016 (at the end of next year), and next year, I’ll set up another set of keys.

STEP 4: CREATE A REVOCATION CERTIFICATE BEFORE YOU UPLOAD YOUR KEYS TO THE SERVERS!

For some reason, the Kleopatra Windows PC software does not have an option to set up a revocation certificate so that you’ll be able to revoke (or inactivate) keys on the MIT server that you no longer use.

For this reason, and this is easy to do, the superuser.com website has described a way to set up a PGP key revocation certificate using a command terminal (“CMD”) code.

In short, open a terminal in Windows (using “Run, CMD”), and type the following:

gpg –output revoke.asc –gen-revoke [MY KEY-ID]

(NOTE: The MY KEY-ID is the “Key-ID” for the key you created using the Kleopatra software.)

Then save it somewhere where you cannot lose it. Print it out and save it offline if you need to.

STEP 5: UPLOAD YOUR NEW KEY TO THE MIT SERVER SO THAT OTHER PEOPLE CAN FIND YOUR KEY.

This is the step that you should be most careful about. Once you upload the key, it’s on the server forever (viewable at https://pgp.mit.edu/). So just double-check your steps before you take this step.

 

HOW TO USE PGP:

Once you’re all set up, you’re set for the life of your encryption keys (remember, I set mine to expire at the end of next year.)

Below are the steps to use PGP:

STEP 1: OBTAIN THE KEY OF THE PERSON YOU ARE SENDING YOUR MESSAGE OR FILE(S) TO FROM THE MIT SERVER.

You can search for their key by either:

1) On the Kleopatra software, click “File, Look Up Certificates on Server,” and then you would type in either their name or e-mail address and select which key you want to use (best to use their most recent key if there are multiple keys).

2) Alternatively, you can accomplish the same result by entering their name or e-mail address on the MIT server (https://pgp.mit.edu/). For example, for mine, you would search for rzcashman@cashmanlawfirm.com, and my key would show up.

STEP 2: WRITE YOUR MESSAGE AND ENCRYPT IT TO THE KEY OF THE PERSON YOU ARE SENDING IT TO.

On the Kleopatra software, you would click on the “Clipboard” button on the toolbar and select “Encrypt.” A new screen will open, and you’ll write your message.

Once you have written your message, click on the “Add Recipient” button and select the key of the person you are sending the e-mail to. Remember, you did this in STEP 1.

STEP 3: COPY AND PASTE THE ENCRYPTED TEXT INTO AN E-MAIL.

This is the easy part. Once you have the message you wrote encrypted to the key of the person to whom you wrote the message, a string of letters will appear in your window. Copy and paste it (all of it) into an e-mail.

REMEMBER, encryption protects the CONTENTS of an e-mail not the META DATA, meaning, it only protects the contents of what you wrote. It does not protect who you wrote it to, or what server you were logged into when you sent the encrypted text. This was part of the issue with the NSA claiming that they were “only” pulling meta data, and not the contents of the e-mail themselves.

NOTE: If you also encrypted a file to attach to the e-mail [I did not describe how to do this yet], attach the .gpg file that your software created as an attachment to the e-mail. The person to whom you encrypted the e-mail will be able to decrypt the attachment as well as the contents of your e-mail.

STEP 4: THE RECIPIENT OF THE E-MAIL DECRYPTS YOUR E-MAIL AND ANY ATTACHMENTS

Since you encrypted your message with the intention that only the recipient sees it, when he receives your e-mail (and any encrypted attachments you also sent), he will be able to use his own software to decrypt what you have sent to him.

Why is this possible? Because you encrypted the contents of your message to his key, and thus only he can unencrypt and read your message. When he replies to you, he will write the text into his software, and he will encrypt the message (and any files he also wants to attach) using YOUR key that he pulled off of the server, and he’ll send it over to you.

 

ENCRYPTING FILES:

Encrypting one file at a time using the Kleopatra software can be done by clicking “File, Sign / Encrypt Files.” From there, another window will open up, where you can select which file to encrypt. When the software asks for whom you would like to encrypt the file, just use the key of the person to whom you want to send the file. The software will make an encrypted copy of the file in the same folder, just with the .gpg file type. Use that file when sending the encrypted file in an e-mail as an attachment.

If you want to encrypt the file using your own key file (meaning, only you can unlock it), you may (for example, if you are sending yourself a private file to be accessed somewhere else). But if you only want the encrypted file to remain on your computer, remember to manually delete the original file, or you’ll have both the original and encrypted files in the same directory.

ENCRYPTING MULTIPLE FILES, OR FOLDERS, OR ENTIRE HARD DRIVES:

The topic of encrypting entire files, folders, or entire hard drives is outside the scope of this article. Doing so requires software such as Truecrypt, and it is a different process than encrypting and decrypting e-mails and messages using PGP as we have described here.

ENJOY!

TERMINOLOGY: There are two PGP encryption keys that you create when you set up your “key pair” — a “public” key and a “private” key. The public key is the one that is uploaded to the server, and if you provide someone your encryption key for them to send you e-mails or files, it is ALWAYS the public key that you send to them. The “private” or “secret” key is the one that remains with you or on your computer, and it is used to decrypt messages and files that were encrypted to your public key. Never give out your private key to anyone.


CONTACT FORM: If you have a question or comment about what I have written, and you want to keep it *for my eyes only*, please feel free to use the form below. The information you post will be e-mailed to me, and I will be happy to respond.

NOTE: No attorney client relationship is established by sending this form, and while the attorney-client privilege (which keeps everything that you share confidential and private) attaches immediately when you contact me, I do not become your attorney until we sign a contract together.  That being said, please do not state anything “incriminating” about your case when using this form, or more practically, in any e-mail.

Last month, I wrote an article entitled, “Whether internet porn viewers ‘should expect viewing histories to be made public.”  The fear that prompted that article was that someone could hack into the logs of a porn-streaming website, and with that information, expose the porn viewing habits of millions of Americans.  The conclusion of that article was that it would be difficult for a hacker to hack into a website which streams adult content, steal the website’s logs containing the IP addresses of those who have viewed the web pages which stream the videos, and then somehow correlate that IP address list with the actual identities of the internet users.  Thus, I do not expect to see any Ashley Madison hacks for websites streaming copyrighted content anytime soon.

The next question people asked was, “can I be sued for viewing copyrighted content on a YouTube-like site?”  In short, the answer is yes, you can be sued, but it will likely never happen.  Here’s why:

POINT #1: A COPYRIGHT HOLDER WOULD LIKELY NOT BE ABLE TO OBTAIN THE IP ADDRESSES OF THOSE WHO VIEWED THE WEBSITE STREAMING THE CONTENT.

While a hacker would likely be able to obtain the IP address records from a pornography website’s analytics through theft, a copyright enforcement company such as CEG-TEK or RightsCorp would be unable to get this information without 1) a court order, or 2) the cooperation of the adult website itself.  The reason for this is that 1) porn website owners are notoriously outside the U.S., and thus, they are outside the jurisdiction of the U.S. federal courts.  The copyright holders could try suing the website owners, but this is often a difficult task (finding an elusive website owner outside the U.S. is a much more difficult task than suing internet users who participate in a bittorrent swarm to obtain files using BitTorrent).

While the analytics companies could be sued and forced to disclose the list of IP addresses for a particular website, this is also an unlikely scenario because complying with such a court order directing them to turn over records for one of their clients’ websites could be 1) illegal, and 2) it could put them in jeopardy of being sued by their customer.  So this is not a likely outcome.

Secondly, the copyright holders could “join forces” with the website owners to participate in the financial earnings of going after the downloaders (alternatively, they could be outright paid to disclose this information), but again, doing so would put the websites own visitors (their own customers) in financial jeopardy, and thus they would likely not participate in such a scheme.

In short, it is unlikely that a copyright holder would be able to obtain this needed list of IP addresses of those who viewed certain copyrighted content, and thus, with a streaming site, the copyright holders would likely not be able to learn who you are.

NOTE: It is still advisable to use a VPN when accessing a site streaming content, because your own ISP could be monitoring your web viewing habits, and they ARE in the U.S., and they could be sued and/or pressured to hand over “evidence” that your account visited a particular web page at a certain date and time.  It is unlikely this would ever happen, but it is best to err on the side of caution.

POINT #2: ALL LAWSUITS TO DATE HAVE BEEN FOR BITTORRENT ACTIVITY.  I HAVE NEVER (YET) SEEN A LAWSUIT SUING SOMEONE WHO VIEWED A PARTICULAR VIDEO ON A PARTICULAR WEBSITE.

To date [and as far as I am aware], all of the copyright infringement lawsuits filed in the U.S. District Courts (the federal courts) across the U.S. have been for BITTORRENT ACTIVITY.

With very few exceptions where the copyright holder identified and sued the UPLOADER (the one who POSTED the video onto the website) based on a watermark or secret code embedded into the copyrighted video that identified the accused infringer as being the one who disseminated the copyrighted materials, there has never been a “John Doe” bittorrent lawsuit against a downloader who got caught by viewing content streamed on a YouTube-like website.  This is not to say that there will not be one in the future based on future internet fingerprint IDs forced upon internet users by government entities, or the like.

Thus, copyright holders have not yet and likely will never go through the initial step of 1) suing the website owner to obtain the list of IP addresses, and for this reason, I have not seen and do not foresee seeing lawsuits filed against internet users who view copyrighted content using a YouTube-like streaming service.

This is not to suggest or encourage that someone use this medium of viewing copyrighted films as technology can change, laws can change, and as the courts loosen their long-arm jurisdiction against foreign corporations and entities (weakening the Asahi case), the United States might start asserting its jurisdictions over foreign countries or foreign entities or corporations, and they might start forcing an internet fingerprint ID on the citizenry to track each citizen’s internet usage.  The takeaway, however, is that it is a lot harder to sue someone for viewing streamed content rather than suing someone for downloading content via bittorrent.

NOTE: An obvious exception to this article are those who have created accounts using their real identity or contact information, either 1) to participate or comment on forums or in the comment sections of the websites, or 2) those who pay a monthly or annual membership to access the premium content (e.g., faster speeds, unlimited content, etc.).  If you have an account on a website which streams content, then YES, your identity is at risk, and your viewing habits could be exposed for the world to see.  Otherwise, likely not.


CONTACT FORM: If you have a question or comment about what I have written, and you want to keep it *for my eyes only*, please feel free to use the form below. The information you post will be e-mailed to me, and I will be happy to respond.

NOTE: No attorney client relationship is established by sending this form, and while the attorney-client privilege (which keeps everything that you share confidential and private) attaches immediately when you contact me, I do not become your attorney until we sign a contract together.  That being said, please do not state anything “incriminating” about your case when using this form, or more practically, in any e-mail.

Copyright Enforcement Group (CEG-TEK) has sent possibly hundreds of thousands of letters to internet users accused of downloading copyrighted content via bittorrent. In their letters, they invoke the Digital Millenium Copyright Act (DMCA) as the justification for their “intellectual property (IP) enforcement” activities. They claim to be the good guys, but are they?  Are they “naughty or nice”?

CEG-TEK claims to be the good guys — they stop piracy, and as a result of their efforts, fewer people download on the ISPs’s networks (a social “good” and a “win” for the copyright holders). They have stopped the copyright troll lawsuits, for the moment. And, although they are charging $300 per title for each downloaded movie (sometimes higher) for what is often an accidental “click of the mouse,” they claim that they are not “bad” or “vindictive” like their Rightscorp competitor, which charges only $20 per title, but then sues the accused downloaders in federal courts, and then even go so far as contacting the ISPs in order to attempt to shut down the internet accounts of those accused of downloading their clients’ copyrighted titles via bittorrent.

But then again, CEG-TEK is a business. While I have had success negotiating away cases against veterans, the elderly, and in many cases, college kids, CEG-TEK has taken a number of steps which at best would be questionable.

Most relevant is the “admission of guilt” clause in their settlement agreements, which at the time of writing this article has flipped back to the version which does not include this clause. Months ago, when CEG-TEK expanded into Canada and then Australia, the settlement agreements which released those who have settled from liability included the following clause:

111715 Admission of Guilt in CEG-TEK Settlement Agreement

[For those of you who cannot see the image, it says, “…in the event of a (i) failure to clear, (ii) chargeback, (iii) cancellation, (iv) failure to complete…this Release shall be considered admissible and conclusive evidence of RELEASEE’s infringement of the copyright in the Work and that RELEASEE will be liable to CONTENT COPYRIGHT OWNER for all damages, statutory and/or otherwise, for such infringement plus attorney fees plus costs as of the Settlement Date…” (emphasis added)]

[Now as a side note, for those who are particular about formatting and details, note that CEG-TEK placed that inflammatory clause at the bottom of Page 2, and they split it up where half of it is at the bottom of the page, and the other half is at the top of the next page, where even a careful individual might not read the clause in its entirety because the inflammatory clause is separated by being on different pages.]

The problem with such a clause admitting guilt is that it is binding on an unsuspecting individual who tries to settle the claims against him by paying with a credit card. How?  These contracts are available to the individual paying the settlement fee on the CopyrightSettlements.com website to review, and upon processing the credit card payment, they agree to the terms contained within the contract.

Then, when their credit card transaction fails (either because their card is not accepted by CEG-TEK’s website, or because the transaction is declined, or, if through no fault of their own, because of the website itself the bank flags the transaction as suspicious (fraud alert for a large online charge) and fails to approve the transaction), at that point, the individual has admitted guilt to copyright infringement, which carries a $150,000 statutory fine for each title downloaded. Assume for the moment that the individual has five (5) cases.  Multiply this $150,000 amount by five separate copyright holders, and the individual could be looking at 5 x $150,000 lawsuits (= $750,000 in statutory damages separated into multiple lawsuits filed by different copyright holders all of whom hired CEG-TEK as their agent to enforce their copyrights) where the internet user has already admitted guilt.

Then, when the confused internet user who tried to settle calls CEG-TEK on the phone already having admitted guilt, what sort of leverage does the individual have if they are asked for more than $300 per title? Legally, they likely have no defense because according to the terms of the agreement, they already admitted guilt — even if the credit card transaction failing was not their fault.

So… Copyright Enforcement Group may be the “good guys” because they let attorneys negotiate away cases for vets, old ladies, and elderly gentlemen who don’t realize that they should be using a VPN when they download adult content, and CEG-TEK may serve the public good by demonstrating that piracy has gone down because of their efforts. While this is all true, remember: watch their contract, because caveat emptor still applies.

I don’t want to make this into a “you should have hired an attorney for your $300 matter” blog entry, but really, this is but one example of how even the “good guys” need to be approached with caution, and better yet, through a proxy by using an attorney. [I won’t even go into the conspiracy theories about CEG-TEK trying to get more than the $300 per title that is listed on the website.] Let’s stick to the facts and look at their contract to judge them on whether they are truly “naughty or nice.”


CONTACT FORM: If you have a question or comment about what I have written, and you want to keep it *for my eyes only*, please feel free to use the form below. The information you post will be e-mailed to me, and I will be happy to respond.

NOTE: No attorney client relationship is established by sending this form, and while the attorney-client privilege (which keeps everything that you share confidential and private) attaches immediately when you contact me, I do not become your attorney until we sign a contract together.  That being said, please do not state anything “incriminating” about your case when using this form, or more practically, in any e-mail.

Now is the moment that bittorrent attorneys joke to themselves, “now is probably a good time to brush up on divorce law.” In short, there have been bloggers and members of the news media who [once again] have written fear-based articles that there is about to be a “hack of all hacks” which will disclose the porn viewing habits of millions of Americans.  The threat of such a hack was originally circulated in 2013, then in February 2014, then in April, then again in June, and now again in October 2015. It has become a popular story to circulate because of the fear such a story invokes, and since it has reared its ugly head yet again, here are my thoughts on the proposed hack:

In the most recent version of the story, anyone who this past year (2015) has visited websites such as “XVIDEOS.COM,” or other YouTube-like websites which stream pornographic (and likely copyrighted) content (even using the browser’s “incognito” mode [which does nothing except NOT SAVE what you visit on your computer, but all other records are kept regarding that website visit by both your ISP, the website itself, and all trackers and cookies hooked in to your connection]) has been threatened that there will be a major hack which will correlate the IP addresses of those who have visited the website with the real names of the internet users.

Now without attracting the ire of hackers, this would have to be a pretty complicated hack in order for it to succeed. They would not only have to hack the logs of the porn tube websites (not so hard to do, as website analytics logs are not that well guarded), but in order to link the IP addresses they would retrieve from a hack of the porn websites’ logs, they would still need to obtain the identity of the internet user.  In order to do this, the hackers might either have to hack one or more ISPs (Comcast, Verizon, Time Warner, Charter, Centurylink, etc.) to obtain account information and/or IP address histories (a list of IP addresses that have been leased to the account holder over the past year in accordance with that ISP’s “IP retention policy,”), or the hacker would have to hack some popular website (e.g., Facebook, Instagram, etc.) which houses the real identities of the suspected internet users AND employs sufficient tracking methods (internet trackers or cookies) to follow those users when they are browsing “away” from the website (e.g., such trackers would note that a particular internet user visiting Amazon.com is the same user who just viewed their buddy’s updates on Facebook).  In short, the hackers would need to obtain the identities of the internet users through either their ISPs or some popular website, and then they would need to correlate those identities with the stolen internet logs (of IP addresses of the internet users who have visited the pornography website).

Now if that was a mouthful for you and you are confused, let me simplify the matter by going over this again in detail:

From the porn website side of the hack, every time you visit a web site, the website sees the IP address you have come from (or, if you are coming from a VPN, it sees the IP address of that Virtual Private Network which is shared by other internet users as well). The website can see which pages you viewed through the trackers associated with the site (e.g., Google Analytics helps website owners track what website each visitor came from, what search term(s) you used to arrive at the website, what you clicked on when you accessed the website, how much time you spent on each page, and where you clicked to when you left the site, etc.) What it cannot tell you is WHO YOU ARE.

Now there is a website put out by the Electronic Frontier Foundation called “Panopticlick” (https://panopticlick.eff.org) which in my opinion freaks out everyone who clicks on it (especially security-minded users such as myself who have freakishly identifiable browsers based on the privacy plug-ins and custom privacy settings built into our browsers), but the point of the website is to teach you that your browser itself can “expose” who you are based on the fingerprints your browser leaves every time you visit a website. Also, pay attention to IPLeak.net (https://ipleak.net/) which tries to see past your known IP address to discover if you are leaking your true IP address (which can lead a hacker to your identity through your ISP). Lastly, pay close attention to the “IP Check” test on the JonDoNym website (http://ip-check.info/?lang=en) because each of these items checked can compromise your identity.

The missing link to make such a hack happen is that the hacker would need to access the data mining logs that are stored on each user (e.g., in browser cookies) or through tracking websites such as DoubleClick, etc. (essentially, the hacker would have to also access the advertising-based websites which unknown-to-you latch on to the the website you visit so that when you shop on one website for a particular product, and then you switch to another website, the product you are shopping for appears as a creepy recommendation from the other site). [For those of you who understand me how this works, I always got a laugh when I used to sign onto a public VPN at Starbucks using software such as Hotspot Shield {WARNING: DO NOT USE PUBLIC VPNS}, and in my browser’s search results, I would always see porn-related ads and suggestions.  This was an indication as to what everyone else who was signed on to that free VPN was doing with that VPN connection.]

Back on point as to trackers, you do not see the trackers*.  However, they latch on to you when you visit popular websites (e.g., Facebook, LinkedIn, Netflix, Hulu, Amazon.com, Walmart, etc.).  To protect yourself from trackers, you should know that there are ad blockers and tracker blocker browser plug-ins, most notoriously Ghostery (https://www.ghostery.com/) or Disconnect (https://disconnect.me/) which do a good job blocking these trackers.  *NOTE: You can actually see the trackers when using one of these tracker blockers.  Alternatively, for a visual representation of which trackers you are connecting to, get the Lightbeam extension for Firefox (https://www.mozilla.org/en-US/lightbeam/), and get ready to be surprised.

In sum, the hacker would not only need to obtain the IP address logs from the streaming pornography website (which would indicate which IP addresses visited which pages at what times), the hacker would also need to hack into a website or company (e.g., Facebook) that has access to your real name.  Further, just in case your IP address history is not available for the hacker to correlate with the the porn websites’ IP address logs, the claim is that the hacker might be able to use your browser’s fingerprint (e.g., as described in EFF’s Panopticlick website), or they might hack into a data mining company’s website which tracks you as your browse from one website to another to properly identify you as the individual who viewed that web page at that date and time.  In my opinion, I cannot imagine that the technology is this advanced to allow a hacker to track users using their browser fingerprints nor do I think they would be able to breach and access a data mining company’s records.  For these reasons, I don’t think this browser-based fingerprint hack or the data-mining based hack are valid threats, at least not yet.  (NOTE: If there ever comes a universal internet ID, then yes, this would easily identify users across websites, and such a database would probably be easily hackable too if you take the current record of IRS and federal employee data hacks and you project that lack of security forward into a universal internet ID system.)

So here is my opinion.  Really, unless I am missing something, I can’t imagine that technology is that advanced to allow a hacker to hack the YouTube-based streaming porn site, identify the users who accessed that website through their IP addresses and the browser fingerprints (I don’t think browser fingerprint data is even available through generic website analytics likely employed by the pornography websites, even the paid websites), cross-link those browser fingerprints with other websites you have visited (even with the hacking of data mining services) to identify the real identity of the person using that browser, and then post a list of the real user names and associated identities (to “expose” those users) of those who have visited the targeted pornography websites just as they did in the Ashley Madison hack.  It is just too complex of a hack to do!

To the relief of those users who have visited these pornography websites and are concerned about being exposed, there are a few things to note. Firstly, the Ashley Madison hack exposed the USER ACCOUNT INFORMATION AND REAL NAMES (OFTEN OF THOSE WHO PAID MEMBERSHIP FEES TO THE WEBSITE for access). Here, a viewer of online content likely has no account, and if there is an account, you probably didn’t give your real information because the sites merely require that you register in order to comment.   There is usually no paid content (premium content, yes, and perhaps these are the people at risk if there were such an imminent threat).

Secondly, remember that websites that house real contact information and track their users using trackers and advanced cookies probably have really really good security.  I can’t imagine that a website such as Google, Facebook or LinkedIn would allow a hacker to break into their system and steal their user lists and data mining / tracking data.  [Yes, I know just a few days ago Experian was hacked (which is funny because they provide credit monitoring services just in case another website is hacked and identities are stolen), but] My best guess is that any website that houses user information and employs such deep trackers and data mining technology would be like Fort Knox as far as security is concerned.  So it’s likely a no go for such a hack to happen.

However, here is where I would be concerned.  If I am wrong and such a large company WAS hacked (and perhaps they haven’t figured it out yet, just as the IRS took months before realizing that they were hacked), or if a zero-day security vulnerability was discovered (allowing a hacker to gain access to mining data and/or real identity records) and the employees at the company’s IT department haven’t caught it yet, then such a hack MAY be possible.  Perhaps the hackers have already infiltrated Google, Microsoft, Yahoo, or some giant free mail provider [which tracks their users in return for the free e-mail services] and the hackers already have obtained the real name contact information and, if they’re lucky, the IP address history (web history) from those mail providers. Then, the web history and account data would allow the hacker to go back in time and match the history of IP addresses obtained from the ISP or mail provider that it has hacked, and they would be able to correlate those past IP address logs to those IP address logs of the visitors to a particular website gleaned from an imminent or past hack of that website’s analytics logs. [If this wasn’t an old story, I would say that with the honor code of hackers, no hacker would say they CAN do something unless the hack had already happened and they are waiting to publish the results of that hack, or they have already identified the security vulnerability and are timing the imminent attack to gain access to the information they seek.]

If you are concerned that your e-mail address has been compromised or stolen in a past hack (such as the one I am proposing could maybe take place here), there is a website called “Have I Been Pwned” (https://haveibeenpwned.com/) where you can look up your e-mail address to see if your account and/or password has been compromised.

Realistically, though, I would be most concerned for users who have registered with accounts on the targeted websites (e.g., to post comments, join discussions, etc.). Anyone else — as soon as you can, lock down your browser, start learning about how to browse privately (I suggest learning how to use the Firefox plugins on the JonDoFox overlay and why each one is so important), and get and lock down your paid VPN if you are worried about inadvertently disclosing your IP address. Other than wiping your web and location history (e.g., with your Google or Yahoo account settings) [just in case the hack has not yet happened], this could hopefully protect you should such a hack take place in the future.

Now, for those of you who want to see what the hackers actually have in store, buckle down, grab your popcorn, and wait to be impressed. If this is a real story with an imminent threat AND IT ACTUALLY HAPPENS, then this could be an Edward Snowden kind of hack which could forever change the way we think of internet security. If it is a false alarm (my suspicion), or if the hacker cannot produce what he claimed he can or has been able to do, then that hacker who has been leaking this story over and over again might consider leaving town for his own safety — or else he might find himself at the bottom of a river for diluting the reputation of hackers who would no doubt be angry at him for promising something none of them can deliver.

References:
Independent.co.uk, “Internet porn viewers ‘should expect viewing histories to be made public’
Brett Thomas, “Online Porn Could Be The Next Big Privacy Scandal
Independent.co.uk (April), “Could your online porn habits be publically released?

FURTHER OBSERVATIONS ON WHETHER LAWSUITS FOR ACCESSING STREAMING CONTENT WILL EVER HAPPEN: Where this article is relevant to copyright infringement / bittorrent / copyright troll lawsuits and DMCA requests for settlement amounts:  There are two nuggets that someone accused of downloading copyrighted pornography should take away from this article (and as usual, none of this is to be considered legal advice):

1) Just as a hacker would be able to obtain the IP address records from a pornography website’s analytics through theft, a copyright enforcement company such as CEG-TEK or RightsCorp can use bittorrent software to track the IP addresses of all of the downloaders participating in the bittorrent swarm (no theft; this information would be freely available to them).  No lawsuit is needed, and no subpoena is required from a judge to obtain the IP addresses of the accused downloaders.  The bittorrent software alone provides this information to them.

Also, neither CEG-TEK, RightsCorp, nor the copyright holders need to sue an accused downloader in federal court to obtain their identity.  Rather, under the DMCA laws, the copyright holder (or their agent) can send a DMCA violation notice to the accused infringer’s ISP, and the ISP forwards that violation notice (often containing a hyperlink forwarding that suspected infringer to their http://www.copyrightsettlements.com website (run by CEG-TEK), where the link they click on would prefill-in the case number and password of the accused downloader’s “case.”  It is in accessing this website that the accused downloader is faced with a demand for payment to settle all known claims of copyright infringement against them.  How all known claims?? Before CEG-TEK sends the DMCA violations notice, their computer system already pre-fills in all other accused downloads or past infringing activity based either on the accused downloaders’ past IP addresses, or based on the geolocation data provided to CEG-TEK.

2) Just as it would be difficult for a hacker to pull off such a hack as described here, also take away that all of the copyright infringement lawsuits filed in the U.S. District Courts (the federal courts) across the U.S. have been for BITTORRENT ACTIVITY.  As far as I know, with very few exceptions where the copyright holder identified and sued the uploader based on a watermark (or secret code) embedded into the copyrighted video that identified the accused infringer as being the one who disseminated the copyrighted materials, there has never been a “John Doe” bittorrent lawsuit against a downloader who got caught by viewing content streamed on a YouTube-like website.  This is not to say that there will not be one in the future.

In order for a copyright holder to sue an accused downloader for viewing content that is streamed to that user via a website (this is how they would need to do it), that copyright holder would need to first obtain from the pornography website’s owner the list of IP addresses of the individual or individuals who visited a particular web page of the pornography website (noting that each video would have its own unique website address), and this endeavor would require cooperation or compliance of the pornography website’s webmaster (which will almost certainly NOT happen, as most websites are now hosted OUTSIDE of the United States).

Second, after the copyright holders obtain the IP address(es) of the accused downloaders, they would need to follow the same procedure as Copyright Enforcement Group (CEG-TEK) by sending DMCA letters to the ISPs instructing them to forward those notices of copyright infringement to the account holder who was assigned that IP address.  Or, the copyright holder or their agent would need to file a lawsuit in the appropriate federal district court on behalf of the copyright holder, and the copyright holder would then need to persuade a judge to issue a subpoena to force the ISP to hand over the identities of the accused downloaders based on the list of IP addresses obtained from the website owner.

In the likely scenario that the website owner did not provide the list of IP addresses of the accused downloaders, the lawsuit could still proceed against the John Doe Defendants.  However, the copyright holder would first need to sue the website owner (who might reside outside the U.S., and outside the jurisdiction of the U.S. federal courts) to turn over the list of IP address logs of those users who visited a particular web page hosting or embedding the copyrighted video owned by the copyright holder.

Thus, the second takeaway from this article is that copyright holders have not yet and likely will never go through the initial step of 1) suing the porn website webmaster to obtain the list of IP addresses, and for this reason, I have not seen and do not foresee seeing lawsuits filed against defendants who viewed copyrighted content using a YouTube-like streaming service.  This is not to suggest or encourage that someone use this medium of viewing copyrighted films as technology can change, laws can change, and as the courts loosen their long-arm jurisdiction against foreign corporations and entities (weakening the Asahi case), the United States might start asserting its jurisdictions over foreign countries or foreign entities or corporations.  (As an attorney, it is also important to note that regardless of the means of obtaining access to view a copyrighted video, downloading copyrighted content — even a temporary copy to your computer could still be held to be copyright infringement).  That being said, it is a lot harder to sue someone for viewing streamed content rather than suing someone for downloading content via bittorrent.


CONTACT FORM: If you have a question or comment about what I have written, and you want to keep it *for my eyes only*, please feel free to use the form below. The information you post will be e-mailed to me, and I will be happy to respond.

NOTE: No attorney client relationship is established by sending this form, and while the attorney-client privilege (which keeps everything that you share confidential and private) attaches immediately when you contact me, I do not become your attorney until we sign a contract together.  That being said, please do not state anything “incriminating” about your case when using this form, or more practically, in any e-mail.

This is too important of a case not to mention, but I simply have not had the time to write it up (nor do I think that I could have done a better job than what was written up here). Read this article and understand that with a fight, Malibu Media LLC cases can and do crumble.

The most fascinating part about this Colorado federal court ruling is that it came from US Magistrate Judge Michael Hegarty (who has been a thorn in the side of us defense attorneys because his rulings have until now been consistently pro-copyright troll). This is a fascinating revelation which will perhaps smother the Malibu Media, LLC v. Doe cases filed across the U.S.


CONTACT FORM: If you have a question or comment about what I have written, and you want to keep it *for my eyes only*, please feel free to use the form below. The information you post will be e-mailed to me, and I will be happy to respond.

NOTE: No attorney client relationship is established by sending this form, and while the attorney-client privilege (which keeps everything that you share confidential and private) attaches immediately when you contact me, I do not become your attorney until we sign a contract together.  That being said, please do not state anything “incriminating” about your case when using this form, or more practically, in any e-mail.

Fight © Trolls

To sum up: it is wrong always, everywhere, and for anyone, to believe anything upon insufficient evidence.

William Kingdon Clifford

In myriads of Bittorent cases across the country, copyright trolls tout a couple of Bittorent transactions registered by an unlicensed German investigator Guardaley/IPP International/Excipio as a “smoking gun” kind of a proof, but Colorado Magistrate Michael E. Herarty doesn’t think it is enough to establish liability.

Michael E. Hegarty
US Magistrate Judge
Michael E. Hegarty

A month ago Judge Hegarty recommended granting in part and denying in part plaintiff’s motion for summary judgment in Malibu Media v. Justin Winkler, COD 13-cv-03358, where the judge suggested that Malibu needed more evidence.

In my opinion, this recommendation is significant for defense attorneys and pro se defendants not only in Malibu cases, but in all the other Bittorent lawsuits, especially in numerous instances, where forensic examination of defendants’ hard drives yielded no traces of…

View original post 445 more words

It is difficult to track the activities of a copyright troll such as Malibu Media, LLC, especially when they are filing hundreds of “single John Doe” lawsuits across the U.S.  However, when there is a momentous ruling by a federal U.S. District Court Judge such as the one we saw yesterday in New York, then the story begins to reveal itself.

A few weeks ago, I noticed that there was a shift in the locations where Malibu Media, LLC was filing their cases. Cases began to shift into Ohio (OHND, OHSD), Virginia (VAED), and Pennsylvania (PAED) federal courts (courts which I refer to as “safe haven” courts because of past rulings by judges who allowed Malibu’s cases to proceed unhindered), however I did not understand why.

It was only until a recent conversation with one of Malibu’s local counsel that I understood that they were already aware that this ruling was coming down, and so they shifted their filings into other federal courts in other parts of the country to counterbalance what could be a shift in the law of the New York federal courts.  Call this the dirty word “forum selection,” or call it whatever you would like, but there is a pattern which can be graphed like birds flocking across the U.S. based on rulings that happen in the federal courts.

In sum, in my jaded view over the past five years of dealing with nothing but these bittorrent cases, there is no way to shut down the Malibu Media, LLC copyright infringement / “extortion” machine, as this requires participation from every judge in every federal district court. And, it is a difficult task to break the “my court, my world, my rules” mentality that so many appointed federal judges have (where their appointments often have political leanings or where there is a loyalty to a certain belief system or group).

Specifically, even with an appointed federal judge with a political proclivity to a certain viewpoint, it becomes even more difficult to break the lobbyists’ (such as the MPAA / RIAA copyright anti-piracy lobby) grip, which whisper in the judges’ ears (rich with funding and which no doubt influence decisions across the U.S. [and I dare not bring the question of whether the judges are influenced by bias or “gifts” from these lobbyists (legal or otherwise), and I say this because there have been more than a few questionable rulings which suggest to me that at the very least, certain federal judges have a leaning towards one side or the other and where the law is clear, they still differ to allow the copyright holder to prevail]).

In sum, we have a legal system where when a judge upholds the law, he is lauded and congratulated as if he did something wonderful, when upholding the law was the job in which he was appointed to do and which he took an oath to uphold.

There are easy solutions to wipe out Malibu Media, LLC, and every other copyright troll out there who abuses the legal system in order to extort massive settlements from their defendants, however, the country appears not to be ready to address the issue. Senators, congressmen, federal judges, I don’t have anything to say except to do the right thing. And in the merit of judges such as District Judge Hellerstein, Judge Wright, and many other lone wolf judges who do uphold the law, you have my respect and my continued devotion.

Below are the most recent 100 Malibu Media, LLC filings, filed literally only in the past few weeks. You’ll notice, not one of them was filed in the Southern District of New York (or ANY New York federal court. I wonder why.)

OHIO NORTHERN DISTRICT COURT (Yousef M. Faroniya of Law Office of Yousef M. Faroniya)
Malibu Media, LLC v. John Doe (Case No. 3:15-cv-01340)
Malibu Media, LLC v. John Doe (Case No. 5:15-cv-01341)
Malibu Media, LLC v. John Doe (Case No. 5:15-cv-01343)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-01342)
Malibu Media, LLC v. John Doe (Case No. 3:15-cv-01345)
Malibu Media, LLC v. John Doe (Case No. 3:15-cv-01346)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-01339)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-01344)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-01316)
Malibu Media, LLC v. John Doe (Case No. 4:15-cv-01312)
Malibu Media, LLC v. John Doe (Case No. 5:15-cv-01319)
Malibu Media, LLC v. John Doe (Case No. 3:15-cv-01317)
Malibu Media, LLC v. John Doe (Case No. 5:15-cv-01315)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-01314)

OHIO SOUTHERN DISTRICT COURT (Yousef M. Faroniya of Law Office of Yousef M. Faroniya)
Malibu Media, LLC v. John Doe (Case No. 3:15-cv-00235)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-02516)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-02518)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-02515)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-02477)
Malibu Media, LLC v. John Doe (Case No. 3:15-cv-00236)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-02517)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-02519)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-00435)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-02456)
Malibu Media, LLC v. John Doe (Case No. 3:15-cv-00230)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-00423)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-02453)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-02454)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-00422)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-02455)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-02457)
Malibu Media, LLC v. John Doe (Case No. 3:15-cv-00224)
Malibu Media, LLC v. John Doe (Case No. 3:15-cv-00224)
Malibu Media, LLC v. John Doe (Case No. 3:15-cv-00228)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-02452)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-00420)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-00421)

VIRGINIA EASTERN DISTRICT COURT (William E. Tabot of William E. Tabot PC)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-00855)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-00851)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-00859)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-00860)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-00852)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-00862)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-00865)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-00856)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-00853)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-00861)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-00857)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-00863)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-00866)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-00850)

PENNSYLVANIA EASTERN DISTRICT COURT (Christopher P. Fiore of Fiore & Barber LLC)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-03598)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-03600)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-03602)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-03604)
Malibu Media, LLC v. John Doe (Case No. 5:15-cv-03599)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-03601)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-03603)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-03605)

MARYLAND DISTRICT COURT (Jon A. Hoppe of Maddox Hoppe Hoofnagle & Hafey LLC)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-01851)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-01864)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-01865)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-01855)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-01861)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-01862)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-01869)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-01854)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-01866)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-01868)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-01859)
Malibu Media, LLC v. John Doe (Case No. 8:15-cv-01858)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-01871)
Malibu Media, LLC v. John Doe (Case No. 8:15-cv-01863)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-01853)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-01867)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-01870)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-01857)
Malibu Media, LLC v. John Doe (Case No. 8:15-cv-01856)

NEW JERSEY DISTRICT COURT (Patrick J. Cerillo – Attorney at Law)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-04307)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-04309)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-04276)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-04305)
Malibu Media, LLC v. John Doe (Case No. 3:15-cv-04287)
Malibu Media, LLC v. John Doe (Case No. 3:15-cv-04288)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-04308)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-04304)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-04275)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-04278)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-04310)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-04272)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-04273)
Malibu Media, LLC v. John Doe (Case No. 3:15-cv-04269)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-04230)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-04232)
Malibu Media, LLC v. John Doe (Case No. 3:15-cv-04243)

MICHIGAN EASTERN DISTRICT COURT (Paul J. Nicoletti of Nicoletti Law PLC)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-12293)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-12294)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-12274)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-12283)
Malibu Media, LLC v. John Doe (Case No. 2:15-cv-12290)


CONTACT FORM: If you have a question or comment about what I have written, and you want to keep it *for my eyes only*, please feel free to use the form below. The information you post will be e-mailed to me, and I will be happy to respond.

NOTE: No attorney client relationship is established by sending this form, and while the attorney-client privilege (which keeps everything that you share confidential and private) attaches immediately when you contact me, I do not become your attorney until we sign a contract together.  That being said, please do not state anything “incriminating” about your case when using this form, or more practically, in any e-mail.

Judge Alvin Hellerstein of the Southern District of New York just did the right thing in denying “expedited discovery” which would allow Malibu Media, LLC to send a subpoena to the Time Warner Cable ISP, thus preventing Malibu Media from learning the identity of the John Doe Defendant.

The copyright troll blogosphere is no doubt about to erupt with this story — in fact, the Twitter feed is already bustling with comments from Sophisticated Jane Doe (@FightCopytrolls), Raul (@Raul15340965), and other bloggers. Bottom line, a United States District Court Judge just said “no” to allowing Malibu Media’s extortion scheme to proceed.*

Judges are the gatekeepers of the law, and the reason these cases have been allowed to fester and infest our legal system is because judges [until now] have been asleep. They have blindly allowed the plaintiff copyright trolls the ability to wreak havoc on the accused downloaders by allowing the copyright trolls access to them so that they can intimidate, harass, embarrass, and threaten to deplete all of the funds of the accused defendant’s [sometimes life] savings in order to avoid the costly alternative of litigating a copyright infringement lawsuit.

For the purposes of this article, I am focusing on two points which I found to be interesting in today’s Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04369; NYSD) ruling (see Judge’s order here).

RULING 1: OBSCENE PORNOGRAPHY MIGHT NOT BE ELIGIBLE FOR COPYRIGHT PROTECTION.

This ruling (based on Judge Marrero’s Next Phase Distribution, Inc. v. John Does 1-27 (Case No. 284 F.R.D. 165, 171 (S.D.N.Y. 2012)) case is the “third rail” issue in copyright troll litigation. Do copyright rights extend to pornographic materials? What if they are considered “scenes a fair,” or scenes which contain the same “roles” and “characters” as in other films — are these considered copyrightable (keep the same story, scene, genre, and roles, but switch the actors)? Are these works considered art? And, what happens if the copyrighted film violates one or more obscenity laws — does that film still have copyright protection?

These are just questions, and to date, they are unresolved. However, the fact that Judge Hellerstein brought it up means that he is seriously considering whether this should be a basis to deny copyright infringement claims against John Doe Defendants.

Reference: See my 8/14/2012 article entitled, “How to make bittorrent cases go away once and for all…” (Reason 3)

RULING 2: MALIBU MEDIA ACCUSES A JOHN DOE DEFENDANT, BUT PROVIDES **NO EVIDENCE** THAT THE “JOHN DOE” DOWNLOADER IS THE ACCOUNT HOLDER. THUS, THERE IS **NO BASIS** FOR SUING THE ACCOUNT HOLDER OR IMPLICATING THE ACCOUNT HOLDER AS BEING THE “JOHN DOE” DOWNLOADER DEFENDANT IN THE LAWSUIT.

This has always been a blatantly simple, and yet tough argument to describe. But when you think of it, the simplicity — once it jumps out at you with the “aha!” moment — is charming and unforgettable.

In short, Malibu Media can prove that SOMEONE downloaded one or more of their titles. However, they do no prove (or even assert any evidence) to indicate that it was the account holder who downloaded the copyrighted film… so what legal basis does Malibu Media have to sue the account holder?? Judge’s answer: None.  In order to make a “prima facie” case that would convince a judge to rubber-stamp a subpoena permitting the copyright holders to force an ISP to turn over the identity of the account holder (whether or not he is the actual downloader), the copyright holder needs to provide some “link” identifying the actual downloader as being the account holder. No link is ever provided in Malibu Media’s pleadings, and thus in legal terms, the pleading “fails” and the copyright holder’s request for expedited discovery should be denied.

That’s it.  My two cents, for what it is worth.

Congratulations to District Judge Hellerstein for a brave and correct ruling on the law. Now if all of the other judges in the Eastern District of New York would fall in line with this ruling and abandon the “my court, my world, my rules” mentality, we can put an end to these cases once and for all.

Additional Reference:
Fight Copyright Trolls (SJD): Citing previous Malibu Media’s sheer abuse of court process, New York judge denies early discovery

*UPDATE (7/7, 6:30am): I am surprised that there are not more articles on this topic.  This should be all over the news for other NY judges (and judges in other federal district courts) to see.  Unfortunately, if other judges do not see [and act on] this ruling, then it gathers dust and it has little-to-no effect on future Malibu Media, LLC lawsuits. …and the scheme continues unhindered.


CONTACT FORM: If you have a question or comment about what I have written, and you want to keep it *for my eyes only*, please feel free to use the form below. The information you post will be e-mailed to me, and I will be happy to respond.

NOTE: No attorney client relationship is established by sending this form, and while the attorney-client privilege (which keeps everything that you share confidential and private) attaches immediately when you contact me, I do not become your attorney until we sign a contract together.  That being said, please do not state anything “incriminating” about your case when using this form, or more practically, in any e-mail.

OTHER RECENT MALIBU MEDIA (NYSD) CASES:
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04713)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04717)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04720)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04725)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04728)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04729)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04730)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04731)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04735)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04736)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04738)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04732)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04733)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04734)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04741)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04742)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04743)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04739)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04740)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04744)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04745)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04367)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04374)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04370)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04377)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04368)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04369)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04371)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04373)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04378)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04380)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04381)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04382)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-03130)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-03135)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-03137)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-03138)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-03143)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-03144)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-03134)

Follow

Get every new post delivered to your Inbox.

Join 126 other followers