Kazaa witness takes iiTrial stand

Kazaa witness takes iiTrial stand

Summary: Nigel Carson, a computer forensics investigator and a key witness in the 2004 Kazaa case, was called to the witness box today by iiNet's legal team to answer questions on whether an IP address was enough to identify a movie pirate.


Nigel Carson, a computer forensics investigator and a key witness in the 2004 Kazaa case, was called to the witness box today by iiNet's legal team to answer questions on whether an IP address was enough to identify a movie pirate.

Carson, currently an investigator for forensics firm, Ferrier Hodgson, and a key witness for the Australian Federation Against Copyright Theft (AFACT), was asked the question by iiNet's general counsel Richard Cobden.

The "IP address is the starting point of investigation," Carson told the Federal Court. In the 2004 Kazaa case, he had made the claim that it was possible to locate the physical computer and user of the machine by tracing the IP address.

AFACT had relied on public IP addresses (those issued by an ISP) and BitTorrent client identifiers in order to "bombard" iiNet with infringement notices. AFACT expected the ISP to pass the notifications on to its customers.

Cobden established with Carson that a typical household may have multiple users, be issued dynamic IP addresses, and, where wireless routers are concerned, access to the internet by unknown external parties — all of which would make it difficult to pin an act of piracy on an individual.

Carson today agreed that following the acquisition of an IP address, in order to identify the person behind computer activity, an investigator would typically be required to use provisions available to the NSW Police or the Australian Federal Police, such as a court order or warrant.

A key plank of iiNet's argument for not forwarding AFACT's notifications so far has been that privacy provisions in the Telecommunications Act prevent it from matching publicly available IP addresses to specific account holders. It has maintained a warrant would be required.

"The next phase of investigation, in general terms," Cobden said to Carson, "would involve interviewing the account holder, or persons living at the premises, and conducting a forensic analysis to determine whether certain material was available." Carson agreed.

Cobden also attacked Carson's claim that in the instance of a cable-based modem, the IP address would rarely change. "So a cable user can't disconnect?" asked Cobden. Carson conceded that a modem could be "powered down", which may result in the router being issued a new IP address by the ISP.

The case continues with iiNet's managing director Michael Malone set to take the witness stand this Thursday.

AFACT also this morning said it would subpoena correspondence between ISPs and the Internet Industry Association (IIA), which the federation hopes will establish that the IIA is not a disinterested party.

Topics: Piracy, Government AU, Legal, Security, Telcos

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Kazaa wintness

    A very good point made here. What about all the mum and dad internet users with unsecured net connections. We all know or know of someone in the past who has stolen a nearby net connection for use.(I do NOT condone that nor have I EVER done it) Are those people then going to recieve a letter stating they will have their net cut off. They wouldn't have a clue what was going on!

    Sharing is careing people.
  • Agreement with unsecured networks.

    I agree too, it's a big problem, you only need to go around in a car to see how many open networks are out there..
    I'm sure this could be used as evidence.
  • Address masking

    A NAT router can support dozens, hundreds or thousands of physical PCs behind one public IP address.
  • So if you use BitTorrent...

    You should leave your wireless connection on the router unsecured, to allow for this defence? Hmmm. I'm paranoid, I disable the wireless on mine.
  • what?

    Whay buy a wireless router in the first place if you're not going to use the wireless.
  • Dynamic IP Addresses

    As an iiNet customer it is my experience that Dynamic IP Addresses are changed regularly by the ISP, perhaps even once per week.
  • Wireless router

    Even if an account holder is using the wireless networking and has security enabled most households have neither the technical knowledge or the equipment to monitor what other people in the household are using the internet link for.

    Should an account holder automatically be held responsible for what could well be another individuals fault when they have no realistic method of monitoring?

    I do not believe so and I do not believe most reasonable people would believe so.
  • iiNET

    It seems to me that iiNET is establishing that the correct procedure for AFACT was to go to the police first then get the police to obtain from iiNET who had a certain IP address at a certain time. Then the police need to investiage that acc holder and see if they or anyone at that premisis infringed the copyright.

    I dont see the relevance of the cable modem because even if the IP address changed the DHCP server should log the change.

    Does anyone know if ISPs are required to keep their DHCP logs? It would be interesting if that law has not been passed yet because iiNET could just say to AFACT sorry we dont keep that information.

    Overall it seems like a stupid case that I hope AFACT loses because there are correct procedures to follow within current law and they are trying to get around them and do things the easiest way for themselves which isnt actually legal for iiNET.
  • Attack by AFACT on my internet connection

    Dear AFACT,
    Please explain why I am under constant inbound attack by your anti-piracy investigators while attempting to download a patch to my public domain, shareware software using BitTorrent?

    My bandwidth is severely compromised and my traffic figures are wildly inflated as a direct result of your unwelcome attacks.

    I can't filter it, as it comes from a number of your representatives across the globe, and the IP addresses keep changing, similarly to the ever changing IP addresses you keep saying are downloading your movies and music.

    Please advise where I should get my lawyer to send the 'cease-and-desist' letter to.

    AFACT are in fact barking up the wrong tree.
    The internet is like a public road. If an offence
    is committed on a road, the road builder is not to blame. Given the various issues with even secure wireless being hacked its pretty much impossible to guarantee an account holder is guilty. The resources needed to prosecute make it virtually unenforceable. Getting the police involved should only be for SERIOUS offences not this copyright dribble. Or are we going to have thousands of police raiding homes daily??
  • tracing users

    If I borrow your car, and commit a hit and run, should you as the owner of the car be automatically convicted of dangerous driving and jailed?

    It must be proven that an actual person committed a piracy offence, and that person should be charged, as opposed to automatically disconnecting the account holder simply because they are owner of that account.

    In households with children, flatmates, resident guests, visitors, etc, any one of these people might commit an act of copyright piracy. You cannot punish the law abiding account holder for crimes they did not commit.