Trolls and the Junk Science

One of the blog readers asked me to publish his thoughts, which I gladly do. I only touched formatting, not the content.

I decided to write this after hearing this term once again and immediately thinking of the Copyright Trolls going after people for allegedly illegally sharing copyrighted adult movies via torrents. When I first found out what Copyright Trolls were, I couldn’t believe it – seriously. What a bunch of bottom feeding low life bozos. Hard to believe our legal system allows such activity to occur.

So what is Junk Science? According to, Junk Science is “faulty scientific data and analysis used to advance special interests and hidden agendas.” One of the “Special Interest” listed on the Junk Science site is “Personal injury lawyers.” Read the following details on these lawyers and tell me if you don’t think the Trolls fit in this category.

“Personal injury lawyers – sometimes referred to simply as trial lawyers (as in the American Association of Trial Lawyers or ATLA), may use junk science to extort settlements from deep-pocketed businesses or to bamboozle juries into awarding huge verdicts.”

Well, the “John Does” are not deep-pocketed businesses, but file against enough of them and you are doing pretty well at creating a virtual deep-pocket of income.

“…to advance special interests and hidden agendas.” Boy if that doesn’t hit close to home (or Troll Hole)… The agenda of the Copyright Trolls is to make as much money from settling with alleged illegal downloaders, not to determine true culpability. Make no mistake that pure profit guides this effort. If they would actually take the time to try to determine if the owner of the IP address is responsible for the downloading/sharing, the Troll profit margin drops pretty fast. Anyone have an idea of how much computer forensic analysis of a single system would run??? One Web site gives a general forensic examination estimate of 5-35 hours at variable rate of $125 – $175. OK, estimate a minimum of $600, to over $6,000. How many systems do you have in your household? Many homes have a couple – multiply the examination cost even more. Let’s not forget the possible analysis of the network modem and other network equipment (firewall/routers, switches, hubs, etc.). Depending on the situation, these could be central to culpability. If the analysis fails to disclose the file or indication that the file resided on the system, the Trolls are really risking their bottom line (profit). The burden of proof may be lower is a civil proceeding, but you are still presumed to be innocent unless proven otherwise — Burden of proof is still on the Trolls. And let’s not forget who is doing this specialized analysis… Employees of the trolls — do we see a vested interest in this???? And what is the training and certifications for those who are doing this analysis? Having a computer science degree does not necessarily give you training or experience in investigations, objectivity, evidence collection, and computer forensic analysis. If person(s) working for the Trolls to collect the IP addresses are not certified computer forensic examiner or at least a trained investigator, the flood gates of questions can be raised as to their ability, competency, and impartiality to accurately perform such activities.

“faulty scientific data and analysis”. Another area in which the Trolls excel in. First problem is the method the Trolls use to collect the offending IP addresses. It may be as simple as having someone sit in front of a Torrent client and write down the sharing IP addresses. The fact is we do not know and cannot examine the method independently. One of the Trolls is claiming that they spent over $250K in developing special software to collect offender IP addresses. The Troll makes the claim that the software is flawless. I know, stop laughing and read on. OK, so how many of you think all the money Microsoft spent on developing Windows prevented mistakes and vulnerabilities in the software? Who knows, maybe the software is simple and works as claimed. You of course need to have an independent party test out the method and software repeatedly to truly determine this. This will likely never happen, as it isn’t in the business plan of the Trolls. It costs more money and the risk of a negative finding isn’t worth jeopardizing their income.

Faulty analysis on the IP address. The Troll belief that IP address ownership equals culpability is faulty to the core. I’m not saying their method is 100% wrong, just that they are not 100% right. Now here is where the Trolls state that if their analysis was faulty, how come people agree to the settlement. FACT: Only some people have settled with the Trolls; not all of them. I don’t have numbers, but I have seen the estimate of 40-50% thrown around. So let’s say 50% settlement rate. Of those 50% who settle, did they all settle because they admitted culpability, too embarrassed to fight (porn or gay porn), scared and confused, or it is cheaper to pay then fight it out in court? We of course will not know this, as the confidentiality clause in the settlement agreement prevents both parties from talking about it — convenient. Even if you increase the Troll settlement rate to 75%, does that mean remaining 25% did not illegally download/share the media in question? What is your answer Trolls?…… What percentage of the people you accuse are not guilty? Unless the Trolls say their methods are 100% accurate, they have to admit IP ADDRESS DOES NOT EQUAL CULPABILITY. At best, the subscriber information associated with an IP address shows who is paying an ISP for Internet access via that IP address.

Faulty analysis on the Media Access Card (MAC) address. Some Trolls state the MAC address of the offending system was also given to them by the subpoenaed ISP and is more proof of culpability – again this is not 100% accurate. Not to get too geeky, but the MAC address is part of the Network Interface Card (NIC), located either on the motherboard or a separate card. The MAC address is akin to the VIN on a vehicle. But different from the VIN, in that the MAC address is easily spoofed, often for legitimate reasons. The MAC address is just like the IP address – MAC ADDRESS DOES NOT EQUAL CULPABILITY.

When I first started up with my Internet Service Provider (ISP) years ago, I didn’t have a Small Office/Home (SOHO) hardware firewall/router. To access the Internet, the ISP required me to register the MAC address of my system. They do this (MAC filter) to prevent unauthorized personnel from stealing Internet access from them. Sometime later I purchased a SOHO firewall/router and tried to install it between the modem and my system. Of course after I did this, I couldn’t access the Internet. The MAC address of the SOHO firewall/router is different from my system. This was easily fixed in the SOHO firewall/router by simply selecting the “Clone MAC Address” option – copies the system MAC address to the SOHO firewall/router.

Now let’s talk about the average SOHO firewall/router being used today. These SOHO firewall/routers have four physical points where to connect separate systems, in addition to the ability to connect wirelessly – let’s say 10 wireless users are allowed. Each one of these systems has a separate MAC address. As far as the ISP sees (and filters), there is still only one MAC address accessing their network. Let take this one step further. I decide to upgrade my NIC and throw out the old one. Now I have a new MAC address on my system, but my firewall/router still shows the old one as being cloned.

Faulty analysis in the area of Wireless access. Now let’s talk wireless access to your network. I would estimate that a good portion of people that have a wireless SOHO firewall/router, run it with some type of security to prevent unauthorized systems access to their network. This is an area that Trolls like to point out that if you have access locked down, you must have been the one who illegally downloaded/shared the media. This would be true if the security features of the firewall/router were fool proof – they are not. A search of the Internet will give you the methods of breaking Wireless Equivalent Privacy (WEP)/Wi-Fi Protected Access (WPA)/WPA2, as well as cloning a MAC address of a system authorized on your network. Of course it is better for you to have some proof that unauthorized systems somehow gained access to you network. Log from the SOHO firewall/router and/or screen shots showing foreign (unauthorized) systems are good to have. Due to the limited logging ability of many SOHO firewall/routers, this is often not possible. Taking screenshots of your SOHO firewall/router Web interface when you identify these unauthorized system is a good idea. Here are some You Tube videos showing how easy it can be to breach WEP and WPA: Video 1, Video 2, Video 3.

Faulty analysis in the area of “Open” Wireless access. If you run an “Open” wireless network, then anyone within range can use your Internet access. You can still MAC filter only those systems you want to authorize, but as stated above, it is not 100% effective (MAC cloning). I have seen online where one Troll sent a letter stating if you run an “Open” wireless access point, you are still responsible. Another wrong analysis motivated by their special interest of profit. I know of no U.S. laws that prohibit an open wireless access point. If it can be shown that you knew illegal activity was occurring and you did nothing, then you could be in trouble. As most people don’t monitor their home firewall/router (set it and forget it), it is unlikely anyone using it will be noticed. If your ISP notices a large increase in the bandwidth you use, they may contact you. It is more likely they will just throttle back your bandwidth and let it go at that. As long as you are paying for their service, they really don’t care how you use it. The less the ISP has to deal with you, the more money they make.

Your ISP probably has something in their user agreement where they suggest you take various step to secure your wireless access point. Such as changing the password for the firewall/router, enabling WEP/WPA/WPA2, and MAC filtering. These are suggestions (often good ones) and not a requirement.

Your ISP will also have some statement in the Internet usage agreement absolving them of any illegal activity that occurs on your portion of their network (your IP address). This is an interesting avenue to explore, as the Trolls have not gone after the ISPs for being responsible for their customer’s alleged illegal activity. If you have a consent/warning banner in front of your SOHO firewall/router’s “Open” Internet access, will the Trolls leave you alone? I really doubt it. But it then raises the question on why the ISP isn’t a co-defendant in these cases. By the Troll‘s arguments, the ISPs should have been monitoring for illegal activity and since they didn’t, they are partially to blame. Can you see the Trolls going after ISPs? No, as this is really going to cost them all of their profits.

Having a consent/warning banner is something I would like to add to my firewall/router, to advise Internet users. That way anyone using my network would have to acknowledge that illegal activity on it is not condoned, authorized, and I absolve myself of it.

Have you ever tried to add a consent/warning banner to you SOHO firewall/router? It is not a standard option for the majority of SOHO devices. Yes you can load a new operating system to some of these SOHO devices, but it will invalidate your warranty. It is also not something the average user will be able to do. Do the wrong thing and you may turn this device into a worthless brick. I just purchased a top of the line SOHO firewall/router and an editable warning banner isn’t available. Now I will email the manufacturer and ask if this is possible, but if the answer is “No,” I’m out of luck. I guess I could host my consent/warning banner on a Web page, but I really want a person to have to click on the “I have read the terms of usage and agree with them,” prior to being able to access the Internet.

Having a consent/warning banner is what most commercial “Open” Wi-Fi spots use to absolve themselves of culpability. Now again if you observe any illegal activity, you need to take immediate action to stop it on your network. Failure to do this can get you in trouble. If you want a good example of wireless terms of usage and guidelines, please read the one in use by the U.S. District Court for the District of Columbia (DC) for their “Open” wireless access point. I guarantee the lawyers for the Federal Court in DC reviewed this and have good legal standing.

Bottom line – There is no way to truly know if the person who pays for the IP address illegally downloads/shares the media in question without a full investigation. Claiming that IP address equals culpability is pure Junk Science. The Trolls know this — they are not that stupid. They are practical in their business model and sad to say efficient in collecting settlements. If you hear a Troll state they are stopping piracy, don’t believe the BS. It will still go one in one form or another. Their efforts will only lead to people changing their methods — example: using a proxy service to run their Torrent downloads through. The Trolls know they have a limited time to collect as much settlements as possible before those who illegally download/share media change their methods or the Justice System rules against their questionable methods.

John Doe

wordpress counter


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s