Thoughts on why it’s impossible to prove infringement by downloaders

Final Update

I have canceled the domain name and archived the text elsewhere on this blog. All of this content was written in 2012 and hasn’t been updated in years. I am keeping the post you’re currently reading for historical and entertainment purposes. If you follow any outdated advice or information given below, you do so entirely at your own risk. I am not a lawyer and only a fool would take anything I write as legal advice.

UPDATE: I’m working out the details of a next-gen P2P file sharing program that should fix up most of the problems with P2P file sharing today, including the IP address targeting issue that spawned this article in the first place. I also found an Ars Technica article on why IP addresses aren’t enough to find file swappers.


I have always wondered how it is possible to prove in a copyright infringement case that peer-to-peer file sharers and Internet file locker downloaders are individually responsible for what they’re accused of, short of a confession by the person being targeted. I thought that it’s about time to place my logic here. Feel free to post comments poking holes in this logic. (Comments are moderated, by the way…people seem to wonder why they don’t appear immediately, so please don’t double post.)

An IP address is not a computer, and a computer is not a person. You ultimately must sue a person; not a computer, and not an IP address. That’s obvious.

Putting a person behind a keyboard through evidence is nearly impossible. Let’s use an analogy where instead of proving that infringement has occurred, we’ll discuss proving that I posted this article. How can you prove that I am at my computer right now, posting to this blog? You almost certainly can’t. You know it’s being posted, sure, but the challenges that can be mounted against proving the identity of the poster are quite intimidating:

  • How do you know which of my devices I’m supposedly using? You might say “by the IP address it’s posted from” but if it was posted from the static IP of my business, it could mean that someone in my business gained access to my account, or that someone broke in and used my already-logged-in account on an unlocked computer, or any number of other possibilities.
  • Even if you can point to a device, how do you know that I was in control of the device at the time that the post was uploaded from it?
  • Assume you can prove that I was using a device exclusively at the time of posting and that the post came from that exact device. How do you know that malicious software didn’t do it? How do you prove that I took the actions at the keyboard that posted the content, and not something else that might have been on my computer?
  • Assume you proved all of the above, plus in a forensic examination of the hard drive of my system, you could find no evidence that malicious software of any type was present. It’s just as possible that an infection was present in RAM that does not write itself to the hard drive (thus only working until system shutdown). The instant I shut off the computer and provide it to your computer forensic investigator to comply with your discovery subpoena, it would be wiped out, leaving no trace. This isn’t necessarily likely since most malicious software authors want it to persist across reboots, but it is very possible and such an infection would be nearly impossible to make antivirus signatures for or analyze due to the fact that all traces of it are lost at reboot or power down. (There are possible ways to catch it, but they’re very difficult and likely also beyond the skill sets of most casual computer programmers, including myself.)

Keep in mind, all of this isn’t proving that I posted this blog post. This (except the point about infection that’s only in RAM, to some extent) is the process of proving that I was merely capable of doing so. It’s the digital equivalent of proving that someone had a gun in their hand while proving that a murder was perpetrated by that person: the tool is present, but they still have to aim and pull the trigger. How can you prove (once you somehow manage to meet the burden of proving everything above) that a person pulled the trigger and downloaded a copyrighted file? I can only think of one way: show that the computer in question actually downloaded the file over the Internet. The only way that this can be possible is through ISPs logging all packets in and out of your computer or through the copyright holder uploading the file to you. In the latter case, you’d have a solid argument that they gave you permission by offering the file up in the first place, which is almost certainly why no copyright trolls can show traffic logs of this nature. ISPs cannot possibly archive every packet that travels across the Internet (imagine trying to archive everything that flies over a 10 gigabit network connection; unless you have a storage device that can store a gigabyte per second and has millions of gigabytes free, it isn’t happening.)

I just don’t see how anyone proves definitively that someone was responsible for something over the Internet without the targeted person spilling too much information. What do you think?

[Added 2012-12-11] In the case of the majority of file sharing software, files are distributed in pieces that are significantly smaller than the total size of the file. Even if you can prove that someone joined a network and started swapping partial pieces of a file back and forth with absolute certainty (which we have established is extremely unlikely if going by an IP address alone), arguments can be made regarding this distribution method that weaken the case of someone attempting to prosecute:

  • Pieces of a file are almost universally useless on their own: The pieces of a file that are shared are generally of very limited use on their own; in the vast majority of cases, without the first piece of a file containing header information that lays out the format specifications of the file, pieces are often completely useless and might as well be random noise. One could argue that having an unusable collection of pieces of the file cannot be considered infringement, because (depending on the file format) missing the header data, the end-of-file data, and/or intermediate data required to connect pieces is sufficient to make it impossible for the computer to reproduce a copyrighted work or a portion thereof from the incomplete file. Video streams in particular encode “key frames” every few seconds, and between those key frames, the only data is what has changed between each successive frame; thus, damage or missing data for a single frame in a video file will render hundreds of video frames thereafter useless.
  • Did you verify the file data solely from the uploader you’re prosecuting? The architecture of most peer-to-peer file sharing networks is such that downloading a file’s pieces is massively multi-sourced across many users with low upstream bandwidth. It is nearly impossible that any given downloader will acquire the entire file from a single uploader, and particularly in the case of large files such as feature-length DVD movie rips, even if an uploader sends the file at 90 KB/sec (not unusual for a decent DSL package) a typical 702MB (CD-length) DVD rip would require 133 minutes of the uploader sending the data solely to the downloader at full upload speed. Needless to say, a combination of client throttling, possible ISP throttling, multiple uploads at once, and other factors pushes the typical home DSL connection’s contribution to a peer swarm closer to 5-10 KB/sec (based on my own experiments with monitoring individual peer bandwidth while downloading torrents of Linux install DVDs, most peers appear to contribute 10 KB/sec or less at a time.) The chances of obtaining a file from a solitary uploader are very slim, and it could be argued that if the copyright prosecutor didn’t download the entirety of the file data from the targeted uploader exclusively, then they are prosecuting that uploader based on file data from other people. This would be no different than someone giving the rights holder two pieces to a puzzle that shows a pattern of random dots until completely assembled, the holder getting the rest of the pieces from 50 other people, then prosecuting all of the people for offering out the entire infringing puzzle based on the revealed image of the fully assembled puzzle based on their obvious possession of only a fractional piece that is not even viewable without the other pieces. Failure to verify that the person has transmitted a complete, usable copy of the infringing file is not convincing when the individual pieces without all other dependency pieces are effectively random noise.
  • Most peers in a P2P file sharing network don’t even have the entire file in their possession to offer for upload in the first place. If the person in question doesn’t have the entire file, they aren’t in possession of the copyrighted work. For reasons outlined above, a partial file is effectively useless; without verifying that the infringing party is “seeding” (has 100% of file pieces and offers 100% of those pieces as downloadable from them) the prosecuting party cannot truthfully state in a court of law that the target possesses the copyrighted work without committing perjury.

I’m interested in any comments on this subject, or any points that I might have left out.

8 thoughts on “Thoughts on why it’s impossible to prove infringement by downloaders

  1. Don’t they simply go after the person LEGALLY tied to the IP adress (the account holder). I don’t think they have to prove you did it, they simply have to prove that your internet was used for this purpose, although I’m not sure.

    1. If your car is used for a bank robbery, or someone stabs someone else in your yard, are you responsible? This is the same problem behind trying to say that an IP address is a person. It simply isn’t. Internet access is effectively a rented information pathway, and much like the street in front of your home, it’s possible for things to happen there that have nothing to do with you, and it wouldn’t be fair to tag someone with liability when the limit of their involvement was being the owner of a driveway.

  2. As a rightsholder myself I follow these cases pretty closely. I have suits actively going on at this time and I’ve attended various hearings, settlement conferences and trials over the past 3 years.

    You make some great points here. But, in my experience I’ve learned that the IP address is just one of many, many things that are brought forward. It might be important in the beginning – such as to locate the home or business it is assigned to – but once thats done, other things come into play.

    Once notified of the dispute defendants have a legal duty to preserve all evidence that may be relevant to the dispute. Yes, many will claim that the hard drive suddenly crashed they day they got served the lawsuit – but they better keep the bad drive to prove it. And, the Plaintiff (rightsholder) has the right to examine that drive and the new drive and all CDs in the house, etc.

    That alone narrows it down to the computer owner most of the time. Just looking at the computer.

    And, if he changed the computer (drives, whole system, whatever) after being notified of the potential suit (not just a real suit being filed), it creates an issue of Spoliation ( This is always looked at in the light most favorable to the Plaintiff. If the guy tried to hide something – it is automatically assumed he was hiding something that would prove him guilty.

    Next, there are many other things that are done in prep for trials. While you list a few things, like computer being unlocked while you are away from it. Sure, a defendant can say that on the stand under oath (penalty of perjury) if he wants but thats sort of the “dog ate my homework” type of story and most judges or juries would believe it. Its a risk trying to defend a suit on a lie.

    Its not like Law & Order. In civil cases the bar is much lower as far as “proof” is concerned. Its not the old “Beyond a reasonable doubt” standard. Its lower.

    Lastly, please remember that if a rightholder or law firm has tracked a person down and invested money up to that point – they are very unlikely to just stop when the defendant says “its wasn’t me it was my open wi-fi and the kid next door”.

    They’ll investigate the kid next door. He and his parents will bounced it right back.

    I know of one case where they hired a detective to watch the guy. It wasn’t bit-torrent but it was an open trading forum. They simply log the guys posts. None made while he was at work, dozens made when home, none while on drive to McDonalds, more when back with his Quarter Pounder, none while taking his kid to basketball, more made when home from the game, etc.

    All I’m trying to say is the the IP address is just one lead they use. There are many more ways to show whom is the party at the keyboard – some that are in ways kept secret and surprised me when I learned of them.

    1. Thank you very much for the informative and insightful response. This is the kind of reply I was hoping to attract with this post. I greatly appreciate you taking the time to type all of that out for us.

      On my guide at I briefly mention the principle of spoilation of evidence (though I don’t call it that since it’s a layman’s guide) with the phrase “Once your property is subpoenaed in a court case, you can be charged with a serious criminal offense if you tamper with any potential evidence, so performing these steps as soon as possible is vital to damage control.” I would personally be interested in knowing this distinction: does the spoilation attach when your computer or other property are subpoenaed, and if not, when does it attach?

      Also, I am fully aware that the IP address is only a portion of a well-researched copyright infringement case, and I think some readers may have interpreted this as meaning I didn’t know that. Most of my writing is about “copyright trolling,” not legitimate and narrowly targeted infringement cases. I write software and that also makes me a rightsholder, and I know that if I could reasonably prove that someone who was no longer working for me or paying a licensing fee for the use of my specialized software was using it anyway, I’d certainly enforce my copyright in a courtroom. My issue is that the uploaders are where the real issue lies, and targeting individual downloaders is like shutting the fence once the cows are all out of it.

      1. Great info. I just got internet suspended but turned back on because I was told a certain record label saw songs downloaded though the IP address. I haven’t got a letter or anything yet. Any chance these copywrite trolls will actually come after me?

Leave a Reply

Your email address will not be published. Required fields are marked *