The RIAA is firing back at Jane Doe without addressing the central issue in her challenge. Rather than confront the questions around due process, privacy, and freedom of association, the recording industry cartel has resorted to cheap character assassination, calling Jane Doe a "shoplifter" who was "hardly an unwitting...participant in the events that involve her computer."
The RIAA is claiming that their analysis of Jane Doe's files proves that she downloaded them from a peer to peer network. Using MD5 hashes (essentially a numerical representation, or fingerprint, of the contents of a file) and metadata such as ID3 tags, the labels are claiming to have found files on Jane Doe's hard drive that were known to have been traded on Napster.
[Ed: I have a question here: wouldn't two files ripped from the same CD with the same encoder settings (for example, the factory defaults for iTunes) and the same ID3 tags (obtained from some service, say, Gracenote's CDDB) be identical, and thus give you the same MD5 hash? They'd have to be perfect to the last bit, so no encoding errors, but it seems plausible]The issue of where Jane Doe obtained her files is an odd one for the RIAA to raise, since they appear to be prosecuting distributors rather than downloaders. It also has no bearing on the issue at hand: whether their subpoena violate's Jane Doe's right to due process, privacy, and anonymous association. The only reason for the RIAA to mention these details of their investigation would be to damage the reputation and perception of Jane Doe by the public.
No doubt, these findings will make their way into some legislator's arguments for stiffer penalties to fight the scourge of online piracy.
