"There is certainly bias," says Cashman, the Houston copyright attorney. "As soon as we saw [the ruling] and saw who she was, we knew she should have recused herself."

Through a court spokesperson, Howell declined an interview request for this story, citing the fact that she is currently presiding over an ongoing John Doe case.

Sergeant West is a 38-year-old ex-Marine living in Michigan. She works as a financial planner and maintains a rental property to help make ends meet. She includes free Wi-Fi in her lease agreement, so when she got a John Doe letter in March accusing her of downloading the Maverick Entertainment Group film Smile Pretty (a.k.a Nasty), it didn't take much deduction for her to figure out that her tenant was the likely culprit.

Chris Whetzel
Chris Whetzel

"I called Comcast first; I said, 'This isn't me! This is a mistake!'" recalls West, who requested a pseudonym because she fears retribution from the attorneys who filed the lawsuit against her. "The guy basically said, 'Sorry, lady, you're on the chopping block. The account is in your name. You can try to fight it, but they're probably going to fry you.'"

Though West, Githens and Doe 2,057 all offer compelling claims of innocence, the vast majority of those accused are likely guilty as charged. They are identified by their IP address, a method that, while far from foolproof, is reliable enough to be used in criminal prosecutions for more serious cyber-crimes such as child pornography and hacking.

There are, however, several key differences between the way the FBI goes about nabbing a pedophile and the way trolling copyright attorneys pursue their prey. For one thing, says Mike Freedman, a computer-science professor affiliated with Princeton's Center for Information Technology Policy, the folks in law enforcement have a strong incentive to make a tight case. They must convince a judge to issue a search warrant and then turn up evidence that the illegal files actually are on their suspect's hard drive. "If their false-positive rate is high, they waste a lot of man-hours," Freedman says. "It's in their best interest to get good data. They are working with limited time and resources."

But because an innocent John Doe is just as likely to pay up as a guilty one, unscrupulous copyright lawyers might not be so meticulous in their search for targets. "The end game isn't to win a lawsuit for some of these people," says Quentin Boyer, spokesperson for Pink Visual, a large porn distributor that opposes the John Doe suits. "It's to exact a settlement. And if you're not worried about prevailing, maybe you're not worrying about the accuracy of your data."

Pirate hunters are cagey about the exact methods they use to trace IP addresses ("It's a secret-sauce kind of thing," says Steele), but experts such as Freedman suspect it is a relatively simple process. Either the attorneys themselves or a cyber-security firm contracted for the task connect to a swarm for their client's copyrighted file and start sharing.

"Essentially, they think we're one of them," Steele says. "They try to give us copyrighted info not knowing we're gathering that for our clients. They're giving us all the proof we need, just handing it to us."

For some judges, a list of the IP addresses that allegedly participated in a swarm is enough to order Comcast and other Internet service providers to provide the names of their customers. "Comparing it to a criminal case," Freedman says, "it's like you walk into a bad part of town where there's a substantial amount of drug use, and you see lists on the ground with the addresses of suspected drug users. Would that be enough to issue a subpoena, without any further verification?"

The gaping flaw in the system, according to Freedman and other experts, is that not every IP address involved in the swarm is sharing copyrighted data. In fact, not every IP address corresponds to an actual person. In 2008, a team of researchers from the University of Washington's Computer Science and Engineering department set out to determine if it is possible to draw the ire of pirate chasers without sharing a single copyrighted file. By adding their IP addresses to a BitTorrent tracker — but never uploading or downloading any data — the academics received more than 400 complaints ("takedown notices," filed under the Digital Millennium Copyright Act), including several that were addressed to their office printer.

"Some monitoring agencies don't verify that a user reported to be sharing a file actually is sharing that file," Michael Piatek, Tadayoshi Kohno and Arvind Krishnamurthy write in their paper, Tracking the Trackers. They conclude that "practically any Internet user can be framed for copyright infringement today."

The savviest Internet users can also use "spoofing" technology to scramble their IP address or make it appear as though they are surfing the Web from a computer halfway across the globe. For a network-security expert such as Doe 2,057, this is the most galling aspect of his case: If he'd really wanted to pirate porn, he could have done it undetected.

"There needs to be a reasonable effort to prove guilt," he says. "They're accusing me because of an IP address? Please. I could go on the Web right now, and in a few seconds I could make it appear as though my IP address was coming from Russia. It's that easy."

« Previous Page
Next Page »