All major news sources this morning are running the story of Jammie Thomas, the Minnesota woman who was the first to take the RIAA illegal file sharing accusations to court, and the jury judgment of $220,000 against her and in favor of the recording industry. [WaPo]

I will not comment on the merits of this lawsuit. Instead, I will mention one of Ms. Thomas’ defenses and its merits. During trial, Thomas defended on the ground that someone else was using her Internet connection. Her lawyer suggested in his questioning that someone other than Thomas — someone outside her window, or a neighbor — could have been responsible if she used a wireless router. That could have allowed anyone nearby to utilize her Internet connection, using the same IP address that led the record companies to Thomas.

If the jury had believed this possibility, they would not have found against Thomas. And this may be because of the specifics of this case - Thomas used the same login name in her P2P file sharing software as she used to login to her computer and myspace. If you are a neighbor stealing bandwidth, would you still use your neighbor’s unique login name to connect to file sharing services? Would you even know what the login name is? In theory, this information should be easily obtainable but I cannot think of a good motive to use such login name except maybe malice.

Seems like the "open wireless" defense becomes a staple for all cybercrime defense lawyers - it casts a shadow of a doubt on whether the defendant was the one actually using the connection at the time of the alleged wrongdoing. Almost every home now has a wireless router and there are statistics out there suggesting that a large portion of them have no or weak protection at all. (See more on wireless protection here.) But the Minnesota case shows that not every case is appropriate for this defense. In addition, at some point courts and juries may decide that if it is your wireless access point, you are responsible for what goes through it, with or without your knowledge. Currently the state of law is such that we are far from wireless point strict liability, but after a sufficient number of cases where such this defense is rejected, its usefulness may be zero.

2 Responses to ““Open Wireless” Defense Not So Successful”

• notquite 5October2007

  Rather than predicting the death of the defense and a gloomy future of strict liability (a horrible prospect on many levels), I suspect technology will easily solve the issue. That’s what happened in this case. A different reading of the transcript suggests the jury disregarded the ‘defense’ not so much due to disbelief and identical usernames, but because the plaintiff’s went ahead and disproved it.
  Wired’s coverage says the plaintiffs countered the defense by specifically introducing evidence from the IP logs that indicated there was no wireless router present.

• dm 5October2007

  Maybe you are right that the jury gave more credit to the Plaintiff’s expert witness than to the Defendant’s excuse. And this is all it was - an excuse.

  However, in similar cases a similar plaintiff’s expert witness could be easily impeached or discredited. Doug Jacobson, an Iowa State University professor testified that in his opinion, the IP address was not spoofed, saying that, “[m]aking IP spoofing work is extremely complicated. Pretending to be somebody else at the same time they’re on the Internet is almost impossible to carry out.” Is it? Wouldn’t a defense lawyer then call a different security expert to testify that, in fact, it is not so difficult? That wireless routers routinely can easily copy the MAC address of the cable router and spoof it, etc.

Leave a Reply

Name (required)

Mail (will not be published) (required)

Website

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>