Comment: Digital fingerprint cracks the case
By Nigel Carson
October 25, 2005
Last month, when Australian Federal Court Judge Murray Wilcox ruled that Kazaa is illegally authorising copyright infringement, he put Australia on the world map of landmark intellectual property cases - related cases against Kazaa in the US had previously failed.
The looming billion-dollar damages claim against six respondents, including Sharman Networks (Kazaa), is likely to make global headlines. It is certain to capture the attention of the millions of people around the world who have illegally used Kazaa's popular file-swapping software to share millions of music, movie and pornography files since 2001. It may even cause sleepless nights for the internet service providers now starting to recognise their legal liability in hosting illegal content or simply providing the vehicle for such activity.
But Wilcox's finding has also put Australia on the map for another reason. Wilcox relied on crucial digital evidence from forensic computer specialists. In a situation where there was no smoking gun, these specialists were able to build a solid case on purely digital evidence.
The Kazaa case has come at a crucial time in the development of the relatively young science of computer forensics, and the Australian verdict has captured the attention of computer forensic investigators around the world.
The case was an important step in the continuing evolution of computer forensics as a solid science. Little more than a decade old, the science of computer forensics is evolving in parallel with the transition from paper-based documents to digital media storage. Unlike traditional forensic sciences, it does not have the benefit of centuries of research and testing and is somewhat vulnerable to courtroom attacks, where the infancy of the discipline and the lack of recognised training and formal qualifications have been used as an excuse to question the expertise of its practitioners.
In the recent court cases, extremely valuable evidence was found in the statistical performance logs and charts derived from the web server itself, providing insights into the breadth and depth of traffic to the site from various parts of the world. This evidence strengthened the argument that the service provider would almost certainly have known the nature of the site. The data may also provide a useful statistical framework for assessing damages.
Also extremely valuable was the use of "packet capture tools", which preserve every communication that crosses the network interface from a computer. Popular among hackers, packet capture tools are sometimes used to intercept clear text passwords - plucked with ease from the sea of background noise on the Internet.
In the Kazaa case, these tools were used to determine the covert interactions the Kazaa software was making to other Kazaa sites and helped investigators determine the importance of supernodes within the system. The tools were also activated to monitor the process of running the Kazaa software, searching for a song and downloading it. The resulting packet-capture files provided a reliable copy of the entire communication between forensic computers and the other Kazaa users sharing files.
Also critical to the cases was the physical location of possible sites for search and seizure of additional evidence. For the Kazaa matter in particular - with more than 20 possible search sites identified - there was a pressing need to be accurate in identifying the physical location of the specific internet addresses. Relying purely on network analysis, computer forensic investigators were able to identify the specific faculty in a university from which a Kazaa supernode was operating, and that site was ultimately a target in the Kazaa raids. Anton Piller orders allowing seizure of computers were eventually granted for 13 sites in three states.
A side effect of the successful litigations is that the commercial viability of peer-to-peer systems is now in doubt. File-sharing operators are reconsidering their position. The RIAA has mailed out several cease-and-desist orders to file-sharing operators. Already one other major operator, WinMX, has shut down. Others are likely to follow.
With each battle won by the music industry, the propagation vehicle for file sharing becomes increasingly decentralised, making it harder for legitimate businesses to benefit from the file-sharing masses. Legitimate service providers and file-sharing networks cannot simply turn a blind eye to content. As the act of illegal file trading is pushed further underground, it will open the way for legitimate online music sales, and for recording artists to reclaim some of their lost revenue.
Nigel Carson is director forensic IT for Ferrier Hodgson.
To the author I would say in the end, so what? They are trying to scare people. Does anyone even use Kazaa anymore?
They've always had the ability to get hold of I.P details with a court order...hardly "computer forensics".
They can't do much about a decentralised system like BitTorrent.
In the end they will do a few high profile busts on some poor bastard in the burbs with a couple thousand music files on his P.C then take his house. That should scare many into submission. Perhaps they will link it with anti-terror laws and criminal confiscation laws? That should do it. Hell, why don't they just exterminate the entire human race and be done with it.