Tufts University tries to protect student names from RIAA
- August 7th, 2008
- 2 Comments
The RIAA is looking for people and is willing to sweep up whomever it needs to in order to accomplish its continuing goal of punishing piracy. Under a March court order, Tufts University and other ISP’s in the district are supposed to provide a list of possible violators when not able to provide names to a “reasonable degree of technical certainty.”
MediaSentry has identified 11 IP addresses of being an interest to the lawsuit. The RIAA would like people to believe those 11 IP addresses should belong to 11 easily identifiable users. Or even close to easily identifiable. However, that is not the case.
The school assigns MAC address to individual users, but the IP addresses assigned to those MAC addresses are renewed after 10 days. Two of the IP addresses in particular could have been used by up to 40 people during the time in question.
A vice president at Tufts has written a letter to a federal judge stating the difficulty in giving up the names.
We believe, in these two instances, that it would be unfair to identify all possible individuals meeting the plaintiffs’ criteria, given the low likelihood of identifying the guilty party.
Ars Technica asked an RIAA spokesperson about the situation and got a pretty pat response:
As we do in all of our cases when issues are presented, we will work with the school to determine the most reasonable course of action to prevent further abuse of its network.
Colleges are expected (by law, that is) to soon start formalizing a set of plans to curb piracy. In the meantime, expect large, sweeping dragnets like this to continue to attract the interest of privacy advocates.
IsaacB (Who am I?)
3 months ago
Bravo Tufts, but don’t expect every college in the country to follow suit. If I were the RIAA, my goal would not be to prosecute the individual students. It would be to harrass enough colleges to clamp down on file sharing, period. Similar to the way corporate IT now filters and blocks anything that is not “relevant” or could get them sued. Don’t be surprised when the RIAA, or one of their proxies, offers a “ready-made-solution” that universities could adopt to serve industry goals. BTW, I have a few dozen defective cassettes. Where do I send them for replacement media?
Ben (Who am I?)
3 months ago
a couple of things i’d like to add: first, MAC addresses aren’t assigned, they are hardcoded into each and every device that accesses the internet, thus each one is wholly unique and traceable. universities use these to track students bandwidth usage (among other things). Second, while it is true that most universities use dynamic ip’s for student internet access, and that the given block of IP addresses requires that they get recycled, the universities have the capability to (and usually do) track data up and down from individual IP address and (because the school uses MAC addresses to track students) are able to trace even an individual packet to a specific computer, game console or even wi-fi enabled cell phone. schools keep very good records on what ip address was doled out to what MAC address, and most schools have some kind of measure to match MACs to real live people, including name, residence, home address… all the info a school has on a student basically.
so really, it’s not that the school is standing up and saying “you’re asking the impossible.” because the RIAA isn’t asking that, in reality the school is telling the RIAA that they just won’t give them the info they seek, but they’re doing it by hiding behind a facade of technical ignorance. it’s really quite cowardly.
with all that in mind, try what i do: MAC spoofing, and for anything really worth hiding, make use of proxy servers.