“[I]f you play hide the ball in e-discovery, and get caught, you may not only lose the case, but you may lose your job, and maybe even your license. … Instead, an e-Discovery Team plays a series of games that culminates in throwing the ball to the other side, not hiding it.”

Yahoo! Mail includes IP addresses in outgoing mail message headers, as specified by standard Internet protocol.       

And I’ve verified this through some e-mail tests. So if you send e-mail to a government address–whether it’s fake, spoofed, a honeypot, what-not–through Yahoo! Mail, then you’re basically telling the recipient who you are in real life. Even anyone with easily Google-able tools on the Internet, can find out your general location and information on your ISP.

Update: Hotmail also passes your IP address in the headers, too. (It’s passed as “X-Originating-Ip.”) So watch out for Yahoo! and Hotmail.

From U.S. v. Carter, No. 2:07-CR-00184-RLH (GWF), 2008 WL 623600, at *4 (D. Nev. March 6, 2008):

The Affidavit then described the steps taken by the Government to identify the user of Internet Protocol (IP) address 68.108.184.145. A search of the publicly available website arin.net revealed IP address 68.108.184.145 was controlled by Cox Communications. On October 31, 2006, the Government served an administrative subpoena on Cox Communications to identify the individual subscriber to IP address 68.108.184.145 on October 25, 2006 at 7:12 p.m. PDT when a user of this IP address first attempted to download the posting created by SA Luders on the Ranchi message board. On November 10, 2006, Cox Communications responded to the subpoena by identifying Luana Carter, 3815 North Nellis Boulevard, Number 26, Las Vegas, Nevada 89115, telephone number 702-860-7293, as the subscriber to IP address 68.108.184.145. Exhibit “A”, p. 16, ¶¶ 35-38. On January 17, 2007, the Government conducted a search of the public records data base LexisNexis which indicted that Luana Carter resided at the above listed address and that Defendant Travis Carter was a household member at that address. Id., ¶ 39. On January 17, 2007, the Government also checked Nevada Department of Motor Vehicle (DMV) records which revealed a current driver’s license for Luana Carter, with the same social security number, date of birth and physical address obtained through LexisNexis. Exhibit “A”, pp. 16-17, ¶ 40. On February 8, 2007, the Government also served an administrative subpoena on Nevada Power Company for subscriber information for 3815 North Nellis Boulevard, Number 26, Las Vegas, Nevada 89115. Nevada Power Company’s response to the subpoena listed Luana Carter as having an active account at that address since June 22, 2001 and listed her home telephone number as 702-860-7293. Id., ¶ 4.

A recent thread of comments on Lifehacker shows how non-governmental organizations are using this method to track down copyright infringers. If you use a P2P service such as BitTorrent, you reveal your IP to any seeder (or any other leecher in the swarm), and if the seeder is, for example, the RIAA, then they know your IP. A simple request to your ISP will cough up your name and address. And then they can get a search warrant to grab your computer(s).

If you read the rest of the case, then you’ll see that part of defense hinges upon a “wireless defense”–the “I have an open wireless router, and it could have been someone else besides me” defense. Well, that might be true, but it can’t upset the “fair probability” that the person doing the downloading the IP might have been the owner of the wireless router. I wonder, though, what the physical circumstances of the defendant was… Was he merely positing the hypothetical for his house in the countryside? Was he merely hoping for war drivers? Or was he living in an apartment building where folks on his floor and the floors above and below him–as well as war drivers–could leech his wireless bandwidth?

I wonder if the “fair probability” might erode a bit more in a high-density situation. If you really do share your wireless bandwidth with a handful of other users, is there still a “fair probability” that any Internet traffic is attributable to the router owner? Looked at another way, if someone could leech off another person’s wireless bandwidth, then maybe that person would be given freer rein to use the bandwidth in less savory ways. I mean, that’s largely why people war drive in the first place.

Yet what these people don’t understand, or at least won’t admit to understanding publicly, is that OiNK was a symbolic subcultural mirror of exactly everything they profess to hate about their vision of mainstream culture. You can’t deny that OiNK was itself a culture: it was private and elite, it had clearly elaborated and lengthy rules for membership that included an annoyingly audiophilic standard for musical “quality” and sanctions for not tithing as much as you took. It had forums where people discussed meta-level issues about its functionality. OiNK clearly had its own set of ideologies, and they were far from liberatory. While it’s only a symbolic gesture, I’m glad to see OiNK disappear for the same reasons I’m so glad to not be part of a music “scene” anymore; I don’t miss blue-blooded conservativism masquerading as originality and protest.

Also, included for free, support of the much-needed criticism of “Sasha Frere-Jones’ New Yorker article discussing race and indie rock.”

Fittingly, the most popular forms of “indie” music today—formerly accessible on OiNK by sorting in order of popularity—reflect its generic status as not one decided by instrumentation or miscegenation as much as social position. And, sad as it might be, that will probably (hopefully) be OiNK’s legacy 20 years from now: a cultural snapshot of music fandom and/of 00s indie rock as the express domain of the parochial and privileged.

Maybe places like this should take notice of the dangerousness of closed, elite communities.

NERA contends that any reasonable person would have known that the hard disk of a computer makes a “screen shot” of all it sees, which the computer then stores in a temporary file, including e-mails retrieved from a private password-protected e-mail account on the Internet. NERA further contends that any reasonable person would have known that these temporary files, although not readily accessible to the average user, may be located and retrieved by a forensic computer expert. This Court does not agree that any reasonable person would have known this information. Certainly, until this motion, this Court did not know of the routine storing of “screen shots” from private Internet e-mail accounts on a computer’s hard disk.

Furthermore:

The bottom line is that, if an employer wishes to read an employee’s attorney-client communications unintentionally stored in a temporary file on a company-owned computer that were made via a private, password-protected e-mail account accessed through the Internet, not the company’s Intranet, the employer must plainly communicate to the employee that:
1. all such e-mails are stored on the hard disk of the company’s computer in a “screen shot” temporary file; and
2. the company expressly reserves the right to retrieve those temporary files and read them.
Only after receiving such clear guidance can employees fairly be expected to understand that their reasonable expectation in the privacy of these attorney-client communications has been compromised by the employer.

As time passes, password systems are requiring stronger passwords. Needs to be at least six characters wrong, mix up capital and lower case characters, has to have non-alphabetical characters, or even non-alphanumeric characters. Can’t have any words or names. And so on.

My method takes a line of a memorable song, using the naturally mnemonic nature of setting words to catchy music, and then uses the lyrics and the rhythm of the song to make the password sequence easier to remember.

What I do is choose a memorable phrase from one of my favorite songs. Let’s say I’m going to use the “Hey! Ho! Let’s go!” phrase in the Ramone’s “Blitzkrieg Pop.” (Just for the record, I’m not detailing any of my actual passwords.)

First, just take the first letter of each word: h-h-l-g. In the song, they shout this out twice in a row: h-h-l-g-h-h-l-g. Now, maybe there’s some emphasis on the first “Hey!” and “Ho!” and let’s put the exclamation point at the end of each verse: H-H-l-g-!-H-H-L-G-!

And there we go, a pretty strong password: HHlg!HHLG! Try it. Tap it out to the rhythm of the song while you’re singing the lyrics in your head. It works. HHlg!HHLG!

That’s the basic system. But you can get fancier by throwing in a word or two and just flashing it up a bit more:

WBTC,WBTCORARoll! (“We built this city on rock and roll!”)

ComWWS1TBPWYRD! (“Carry on my way-ward son…”)

1ggHiHntoaYC$ (“It’s getting hot in here…”)

It’s pretty much a list scarfed from Lifehacker posts over the years. Only a few of them cater specifically to legal work. But nonetheless it’s a decent summary for people who are too busy to read through Lifehacker archives.

Instead of merely criticizing, here’s me putting my money where my mouth is and starting my own list of law hacks, some replicative of the ABA, others not. (You can read a snippet of my criticisms at the end of the list.)

1. Google Desktop Search (“GDS”) (or Spotlight in Mac OS). This is essential. Whenever I use a case, I save the PDF version in a folder for each client/project. And I allow GDS to catalog the contents. Then if I know I ran across a case about something, I don’t have to dig around—all I do is search. It’s that easy.
2. Name your files usefully. So I have a folder for every client/project. But files often float around independently. If I have a motion to dismiss document for client Smith, then it doesn’t help if the filename is “mot dismiss.doc,” especially if I e-mail it to someone or to myself to work on remotely. Name it usefully. I’ll use “Smith.MtD pers juris.111707.doc.” I won’t even explain what my abbreviations are for. It should be that easy.
3. Add short descriptions to case filenames. Even with GDS, sometimes you do find yourself digging around in folders and files looking for cases. When you’re reading cases, you’re usually looking for one main point of law from each one. So when you read through a case, name the file with the point it’s useful for. For example, “Smith v. Kim (1st Cir. 1992) neg op turn signals.pdf.”
4. Use a wiki or blog as a to-do list and notepad. I use a wiki to keep a running to-do list of short- and long-term tasks. I also have a list of “notepads” linked from the home page of long-term projects or just places to jot down important numbers and passwords, etc. Blogs are sometimes better for to-do lists because every day is a new to-do list and you can track your progress (or lack thereof) by replicating your existing to-do list every day. And keep them password-protected for security.
5. Use del.icio.us (or another bookmark manager). Organize and store all your bookmarks remotely so you can access them from any computer. Check out my bookmarks on rules: http://del.icio.us/pham/rules. Enough said.
6. Keep track of your time daily. Each summer, I had a small notebook for my to-do list that I would check off of and re-create at the end of each day—planning the next day’s work. I would have another small notebook where I’d write down the current project name, the time I started, and the time I stopped. Then at the end of the day or first thing the next day, I’d enter my time. I actually “experimented” by trying to account for time at the end of a week—it was impossible. And I didn’t feel right “fudging” the time, and in the end I’m sure I lost minutes which added up to hours, etc.
7. Use paper wisely—print double-sided and purge or re-use paper. It takes a few seconds to set your default printer to print double-sided. It just makes sense to do it. You’ll cut your paper usage approximately in half. I also think it’s easier to read; it’s more natural, like reading a book. Then, when you’re done with a project, purge as much paper as you can. Get it out of your office and into the recycling bin. Also, if you have to print on one-side, re-use it as scrap paper, put a staple into it and use it as a notebook, or take it home and use it in your inkjet. If you hand-write important annotations on cases, consider using something like Skim (Mac OS) to electronically annotate PDFs.
8. Keep your inbox slim. I talk about this below. You don’t need to empty your inbox every day; just keep it slim. It’s satisfying—or at least not overwhelming—to have a slim inbox. It doesn’t take much. When you get an e-mail, read it immediately and then file it away. If something needs to be taken care of, take care of it ASAP. If you can’t, then keep it in your inbox until you can, but make sure you get to it.
9. Practice voice mail etiquette—keep your greeting short, leave informative messages, use e-mail, text, or IM. Voice mail greetings don’t have to say much—hey, know you’re number, that’s why they’re calling you. “You’re reached [name]. Please leave a message.” And then when you’re leaving a message, don’t just say, “Call me back.” Tell me why. Compel me. Otherwise, you’ve wasted everybody’s time. Or just e-mail me or IM me. Voice mails are passive communications (just like e-mail or IM) that I can’t skim, that I have to work to get to.
10. Use IM. I think IM can be so useful in a work environment. It’s a quick, passive, unobtrusive way to get in touch with people. There’s also the fantastically helpful status message—you can, at a glance, tell if the person is available or not, and if they have informative statuses, what they’re up. (For example: “out to lunch until 1:30,” “working on Smith case,” “anyone know anything about suing a cop,” “afk” (away from keyboard), “working from home,” etc.) And if you use IM for work, don’t use your “BCEaglesROXNUMoneShoRTy” screen name from your foolish youth. Create a just-for-work screen name that’s professional and descriptive, like “johnsmithatXYZ.” And don’t give it out to your friends.

I don’t quite agree with the e-mail tips. I tend to think that you should keep your inbox small, but it doesn’t need to be cleared every day. My inbox is more of my mid- to long-term to-do list. Anything short-term I read and then archive or accomplish and then archive. Generally, I think once you file an e-mail away, it disappears unless you search for it. So if it’s not addressed or done, it can’t get filed away. But to keep your inbox slim, you have to address e-mails which gives you a satisfying incentive to get things done quick.

The PC hacks are a bit too technical. Plus, the recommendation of Quicksilver–which I use and love and couldn’t live without–is Mac-specific. (Launchy is the not-up-to-snuff PC variant.) But I’m totally on-board with the Google Desktop Search–or just Spotlight on the Mac OS–to search through documents, especially PDF files of cases.

This seems to be a message to the world to support the “hydra” model of seeding and leeching content: Use lots of little sites instead of gravitating to a couple of big ones. The beast should be a many-headed hydra, and when you cut off one head, two more grow to take its place.

brokep was the first to herald this idea:

“So public message to people – start up your own torrent sites, make the internet the hydra it is and needs to be. If there’s hundreds of sites, they can’t all be shut down. And well, if they shut down the few that are today, there will be hundreds of sites, I’m sure, but let’s start them before so we can spread the word of them easier.”

Here’s another write-up on the OiNK and brokep talking about the hydra concept.

What a fantastic, rich concept in such a fascinating application. Decentralize for stability. But also specialize to serve the market better. On top of it all—globalize to protect international civil rights.

So while in this current context, it’s just about sharing music, it points down to deeper core principles about how these types of movements need to operate.

Tim Wu argues that this is a failure in the political process: We have this law that doesn’t make sense and no one who can change it. Something has to change. Maybe the law *has* to change—but we, the people, don’t have the money or the political willpower to do that. In today’s society, we’d ideally want businesses to adjust their models, practices, and ultimately their ethics to suit their consumer base. But we know that’s not going to happen.

Our inability to act towards our own wants and desires in this sense is credited to our fear of the government watching us, catching us, and throwing us in the can. We get scared off from demonstrating to the government—or to the RIAA—what we think the law should really be.

In an upcoming article on privacy and e-mail, I wrote:

The panoptical society restricts individual autonomy by “unnecessarily constraining individual decision-making” through the constant threat of visibility leveraging the inherently unbalanced power dynamic favoring governmental actors.

(That’s academic-speak for saying the government, by watching us, scares us from making our own decisions about things.)

With the courts and Congress offering little protection for [our privacy concerns], and with the threat of a panoptical society on the horizon, individuals may be forced to adopt extralegal methods of protecting their perceived expectations of privacy. Fortunately, a number of technological innovations offer a variety of methods of prophylaxis from government intrusion.

And this is where things like OiNK come in. OiNK was an “extralegal” method of protecting our perceived rights. But it wasn’t secure enough. Now, to protect those perceived rights, people could then resort to better, more technologically savvy methods. Tighter, “more private” trackers. Tighter file-sharing communities. WASTE networks. Maybe even (gasp) BitTorrent over Tor.

And then hopefully Big Music and the government will see where this leads: They lose their ability to control the people when the people fritter away underground. Is this the type of arms race we want to be involved in? There’s obviously something wrong here—there’s this well-established disconnect between how music is consumed and how Big Music wants to distribute it. So someone’s got to give. And might it not be, in this case, the purpose of business to cede to consumers, and the government to cede to the people?

I suspect the MediaDefender debacle and this OiNK shut-down just hits the techie, hipster, and blogging communities closer to home than the everyman Napster and Kazaa controversies. This will soon blow over, and we’ll be back to the SNAFU we’ve be involved in for the last 20 odd years.

I think it depends on how quickly the RIAA gets its hands on any of the server logs. That’s partly facetious, but I don’t see the U.S. Department of Justice using its resources right now for criminal investigations of copyright infringement. The overseas raids were criminal matters–I don’t expect the same here. Plus, there’s an interesting issue of whether the UK and Dutch authorities would share the information with a private party.  There are long-running debates over data treatment and security between the US and EU.

But if RIAA does get the logs and data, then there will be hell to pay for anyone who used credit cards [to donate]; those who maintained membership via upload will be a little harder to trace because you’d have to follow the IP addresses, and ISPs are not always willing to hand over their customers without court orders

The conversants also note that most of the transaction were done by PayPal. While eBay has an interest in protecting its users’ privacy, a simple court order might do the trick in tracking down copyright violators—should the RIAA and the US government choose to do so.   

This reminds me of this great series of articles on Slate by Tim Wu about how politics prevents (or dissuades by inefficiency in reform and execution) the prosecution of certain crimes—crimes that society, for one reason or another (particularly because of class), has chosen to accept. It all comes down to how important that crime is for the people in charge.

In this case, US-based users might be isolated a bit because the US might not have the interest and time to pursue this claim with cross-border implications. But I don’t believe that the RIAA doesn’t have the time or interest. This just smells like something they’d like to nip in the bud. Though the problem is the “scene”—those involved in the music industry who do the initial leaking—cracking down on the outlets for their indie-cred egos might be an effective way of stemming these illegal pre-releases.

I think this is more of an important issue than people are making it out to be. While before I wondered why the RIAA isn’t going after the big guys—I now think that going after OiNK was the *smart* thing to do. It’s like going after the yuppie coke snorters in the 80s before cheap crack hit the streets. It’s going after the trend-setters (the OiNK scenesters) and not the trend-followers (the unwashed masses on The Pirate Bay).

As can be seen by the record sales from the Kanye West vs. 50 Cent faux brawl (or Lance Bass vs. 50 Cent all-out rumble), or for country music sales, the most popular music isn’t hurting. It’s the up-and-coming, the trend-setters, and the scene-busters where most of the damage is felt. People support illegal file-sharing to help out the Cold War Kids or the Clap Your Hands Say Yeah! bands, but I’ve listened to Tegan and Sara and haven’t spent a penny on them yet. (Sorry for the name-dropping, I’m having a bad time thinking of good band examples.)

But Tegan and Sara (and now great bands like Rilo Kiley) are what’s playing on MTV and as background music on the CW, and that’s the market that’s being hurt by OiNK and the like. It’s this new, emerging market that the RIAA is protecting—for its benefit, but also arguably for the benefit of these really good bands that might be able to make the big break.

I can see the future just being this big, inconsistent mess, much like what Tim Wu discusses in his Slate articles. Big Music lets trend-setting friend-to-peer communities and bloggers build up the hype for up-and-coming bands, basically doing PR for the first album or two, and then when the bands are ready to break out, they shut down those communities and then lock down on the profits. It seems to make sense. Spend no money for the first few years, and then blow it out—getting legal fees and copyright judgments in the meantime. Not bad, puppet-masters, not bad.