KLINEDINST PC 501 West Broapway, Surre 600 SAN DIEGO, CALIFORNIA 92101
Case 2)].2-cv-08333-ODW-JC Document 108-1 Filed 04/08/13 Page 1of9 Page ID #:2375
1 || Heather L. Rosing, Bar No. 183986 David M. Majchrzak, Bar No. 220860 2 || KLINEDINST PC 501 West Broadway, Suite 600 3 || San Diego, California 92101 (619) 239-8131/FAX (619) 238-8707 4 || hrosing@klinedinstlaw.com | dmajchrzak@klinedinstlaw.com 5 uprneys for | 6 || PAUL DUFFY, ANGELA VAN DEN HEMEL, and PRENDA LAW, INC. 7 | 8 UNITED STATES DISTRICT COURT 9 CENTRAL DISTRICT OF CALIFORNIA 10 11 || INGENUITY 13 LLC, / Case No. 2:12-cv-8333-ODW(JCx) 12 Plaintiff, DECLARATION OF JOSHUA CHIN IN SUPPORT OF RESPONSE TO ORDER i | V. TO SHOW CAUSE 14 JOHN DOE, Judge: Hon. Otis D. Wright, I] Magistrate Judge: Hon. Jacqueline Chooljian 15 Defendant. Courtroom: a Date: April 2, 2013 16 Time: 10:00 A.M. Ls Complaint Filed: September 27, 2012 Trial Date: None set 18 | 19 I, Joshua Chin, declare as follows: 20 |. I am over the age of 18 years and the Executive Director of Net Force, 21 || an internet and information systems security and forensics investigation company, 22 || based in the City of Industry, California. 23 2. Ihave personal knowledge of the following facts and expert opinions 24 || and, if called upon as a witness, could competently testify thereto, except as to 25 || those matters which are explicitly set forth as based upon my information and 26 || belief and, as to such matters, I am informed and believe that they are true and 27 || correct. 28
| -1- DECLARATION OF JOSHUA CHIN IN SUPPORT OF RESPONSE TO ORDER TO SHOW CAUSE |
KLINEDINST PC 501 West Broapway, Surte 600
Case 2/12-cv-08333-ODW-JC Document 108-1 Filed 04/08/13 Page 20f9 Page ID #:2376
l 3. [hold the following relevant certifications for my profession: 2 a. NSA NSTISSI 4011 — National Training Standard for Information 3 System Security Systems Professional. + b. NSA CNSSI 4012 — National Information Assurance Training 5 Standard for Senior Systems Managers. 6 || 4. I am a member of the following Professional Associations: 7 | a. High Tech Crimes Investigator Association (HTCIA) 8 | b. Information Systems Audit and Control Association (ISACA) 9 c. Open Web Application Security Project, Los Angeles (OWASP- 10 LA) 1] d. FBI Infragard, Los Angeles 12 e. United States Secret Service, Los Angeles Electronic Crimes Task 3 Force 14 5. [have competed for and received the following awards relevant to my
SAN DIEGO, CALIFORNIA 92101
15 || industry:
16 | a. 2°° place in Computer Forensics — 2010 Information Technology 17 Competition
18 | b. 2" place finalist — 2012 Symantec Cyber Readiness Challenge, 19 Irvine, California.
20 c. 3™ place finalist — 2013 Symantec Cyber Readiness Challenge, 21 Mountain View, California.
22 6. I have engaged in research and delivered numerous presentations to 23 || companies, universities, and trade associations engaged in electronic security
24 || measures and computer forensics throughout the country. Examples include Cal- 25 || Poly Pomona, the High Tech Crimes Investigation Association International
26 || Conference, and the Information Systems Audit and Control Association.
27 7. I graduated from California State Polytechnic University, in Pomona, 28 || California, with a Bachelor of Science in Business Administration and major in
ne ae DECLARATION OF JOSHUA CHIN IN SUPPORT OF RESPONSE TO ORDER TO SHOW CAUSE
KLINEDINST PC 501 West BroaDway, SuITte 600
Case 2){L2-cv-08333-ODW-JC Document 108-1 Filed 04/08/13 Page 30f9 Page ID #:2377
SAN DieGo, CALIFORNIA 92101
ee
a Wo No — ©
Oo won Dn WA & WY
Computer Information Systems. 8. I was requested by counsel for Prenda Law, Paul Duffy, and Angela Van Den Hemel to research and provide an objective analysis on the following topics: a. Whether the IP address tracking protocol described by Peter Hansmeier in his declaration filed in the matter entitled ngenuity 13, LLC v. John Doe, assigned case number 1:12-cv-04238 by the United States District Court for the Northern District of Illinois, Eastern Division, was reasonable for purposes of identifying IP addresses whose users were found to be engaged in the unauthorized down- and uploading of copyrighted work; and b. The best and most reasonable means by which to identify the user of the IP address responsible for the unauthorized down- and uploading of copyrighted works. Information Reviewed and Research Conducted 9. I reviewed the following documents as part of my research into the topics on which I was to provide my analysis and opinions: a. The Declaration of Peter Hansmeier filed in the matter entitled Ingenuity 13, LLC v. John Doe, assigned case number 1:12-cv- 04238 by the United States District Court for the Northern District of Illinois, Eastern Division; b. This Court’s February 7, 2013, Order to Show Cause re Sanctions for Rulel 1 and Local Rule 83-3 Violations; c. Pleadings, declarations, and exhibits filed on behalf of Brett Gibbs and in response to the Court’s February 7, 2013, Order to Show Cause re Sanctions for Rule 11 and Local Rule 83-3 Violations; d. Pleadings, declarations, and exhibits filed on behalf of the putative John Doe by Morgan Pietz, said documents filed in response to the
3 ~ DECLARATION OF JOSHUA CHIN IN SUPPORT OF RESPONSE TO ORDER TO SHOW CAUSE
KLINEDINST PC 501 West Broaoway, Surte 600 SAN DIEGO, CALIFORNIA 92101
Case 2)1.2-cv-08333-ODW-JC Document 108-1 Filed 04/08/13 Page 4of9 Page ID #:2378
l Court’s February 7, 2013, Order to Show Cause re Sanctions for
BA Rule 11 and Local Rule 83-3 Violations; and
3 e. Various peer-reviewed research papers, abstracts, law journal
4 | articles, and newspaper articles regarding the economic impact of
5 internet piracy and statistics pertaining to the pervasiveness of
6 internet piracy.
7 10. In addition, I consulted with industry experts and employees
8 || concerning the subject matters for which I was asked to opine.
9 | Expert Conclusions and Opinions 10 11. The protocol described by Peter Hansmeier in his declaration and a 11 || similar protocol described in Brett Gibbs’s Response to the Court’s February 7, 12 || 2013, OSC, at page 13, to identify IP addresses that were engaged in the unlawful 13 || down- and uploading of copyrighted material in a Bit Torrent swarm are a 14 || reasonable means by which to identify the IP addresses. 15 | 12. My experience with Internet Service Providers (“ISPs”) is that they 16 || will not voluntarily provide an investigator with the name or contact information of | 17 || a subscriber whose IP address was identified as unlawfully down- and uploading 18 || copyrighted materials. Based on this experience, and in order to assist my client in 19 || defending against unlawful infringement of its works, I would recommend that the 20 || client retain an attorney and seek discovery via the courts. 2] 13. I have reviewed the procedures described in the Declaration of Brett 22 || L. Gibbs in Support of Response to February 7, 2013, OSC, at paragraphs 26-42 23 || regarding his attempts to identify the actual infringers associated with the IP 24 || addresses identified by Peter Hansmeier. I believe Mr. Gibbs engaged in 25 || reasonable efforts to identify the infringers and simply ran into the inevitable 26 investigative limitations arising from conduct that more times than not is 27 || conducted in secrecy and in the privacy of one’s home. I have recited further 28 || limitations in paragraph 16 below.
| 4. DECLARATION OF JOSHUA CHIN IN SUPPORT OF RESPONSE TO ORDER TO SHOW CAUSE
KLINEDINST PC 501 West BroaDway, Surte 600 SAN DIEGO, CALIFORNIA 92101
Case 2/12-cv-08333-ODW-JC Document 108-1 Filed 04/08/13 Page5of9 Page ID #:2379
l 14. IfI have reservations concerning any part of Mr. Gibbs’s declaration
2 || regarding his attempts to identify infringers, it would pertain to his conclusions
3 || regarding the accessibility of the subscribers’ wireless signals (paragraphs 31 and
4 || 38). My concerns are that certain routers have more range than others and the
5 | position of the routers within the homes would impact the range that the routers’
6 || signals could reach outside of the structures. Therefore, Mr. Gibbs might or might
7 || not be correct in his conclusions that the wireless networks were inaccessible to
8 || others outside the home. But, as discussed in paragraph 16 below, the fact that
9 || there is one or more wireless signals present in any given area provides little useful 10 || information, as one would have to illegally log onto the wireless networks to 11 || determine the identity of the network’s owner, and even then, the pervasive use of 12 || dynamic IP addresses means that one who unlawfully logs onto a network to obtain 13 identifying information likely will not find the same IP address as previously 14 || assigned to the subscriber. Given these facts, I do not consider Mr. Gibbs’s I> || somewhat lay comprehension of wireless routers to be material to the issue of the 16 || reasonability of his identification efforts. 17 15. I have also reviewed the letters Mr. Gibbs sent to Defendants David 18 || Wagar and Marvin Denton (Exhibits 2-5 to the Gibbs’s Declaration) and find that 19 || the investigatory procedures outlined by Mr. Gibbs, in the event that Mssrs. Wagar 20 || and Denton were not forthcoming with information concerning potential infringers 21 |) using their networks, were reasonable. If the subscribers are not forthcoming 22 about whether they have secured wireless networks, whether they or anyone with 23 || access to their networks had unlawfully downloaded the client’s copyrighted work, 24 || or whether they or anyone with access to the networks were online at the time of 25 || the infringement, a forensic inspection of the subscribers’ computers is appropriate 26 || to determine these questions. As noted by Mr. Gibbs, he had dismissed lawsuits in 27 || which subscribers informally provided sufficient information to quell any concerns 28 || that they had engaged in piracy.
Be Ye DECLARATION OF JOSHUA CHIN IN SUPPORT OF RESPONSE TO ORDER TO SHOW CAUSE
KLINEDINST PC 501 West BRoaDway, SuITe 600 SAN DIEGO, CALIFORNIA 92101
Case 2:112-cv-08333-ODW-JC Document 108-1 Filed 04/08/13 Page 6of9 Page ID #:2380
—
16. Having reviewed the Court’s February 7, 2013, Order to Show Cause | re Sanctions for Rulel 1 and Local Rule 83-3 Violations, I have concluded that the Court’s recommendation of an “old-fashioned stakeout” is based on erroneous data and protocols that inevitably will not lead to the type of information sought by the Court. In addition, the Court’s suggested protocol may lead to criminal sanctions. For example: a. Ina Bit Torrent swarm, only one electronic file is being distributed, and upon joining the swarm, the participant by default
becomes immediately both a receiver and distributor of the file
Co Oo YN DH UO S&S W BH
being traded.
b. Any participant in a Bit Torrent swarm can observe the size of the electronic file currently in possession of any other swarm participant.
c. Incomplete files possessed by anyone in the swarm can be viewed with free, online media players such as the VLC Player (http://www.videolan.org/). This player is so effective, local law enforcement, including but not limited to the Los Angeles District Attorneys’ High Tech Crimes Division and Riverside County’s District Attorneys’ Office, use the player in their efforts to prosecute criminal infringers. Use of the VLC Player has produced up to five seconds or more of images from a video file that had been the subject of no more than thirty seconds of downloading.
d. Students with access to university computer networks and a Bit Torrent swarm have downloaded full length, 2-hour Hollywood feature films in as little as 30 minutes.
e. Wireless networks, whether protected or unprotected, do not identify their assigned IP addresses or owners’ information unless
= DECLARATION OF JOSHUA CHIN IN SUPPORT OF RESPONSE TO ORDER TO SHOW CAUSE
KLINEDINST PC 301 WEsT Broapway, Surte 600 SAN DIEGO, CALIFORNIA 92101
Case 2:12-cv-08333-ODW-JC Document 108-1 Filed 04/08/13 Page 7of9 Page ID #:2381
—
a user logs onto the network. Unauthorized entry onto a wireless
2 network, whether protected or unprotected, to my understanding is
3 || a violation of the Computer Fraud and Abuse Act. As such, I
4 | would not attempt to identify a network’s IP address by unlawfully
5 || logging onto the network.
6 f. Due to the pervasive use of dynamic IP addresses by ISPs, it is
7 highly likely that the IP address associated with an allegedly
8 || downloading subscriber will have changed by the time an
9 investigator reaches the subscriber’s home or place of business for 10 a Stakeout. I] g. In the last 2-3 years, ISPs that furnish wireless hardware with their EZ. | internet service and other wireless hardware manufacturers have 13 provided default protection modes for the networks created by 14 their wireless hardware. Thus, on the first day that a user plugs in 1S | his new wireless router, the network that is created is protected. 16 Although some of this hardware requires its owner to provide 17 || passwords to further protect the networks, the growing awareness 18 of wireless security options, combined with the default security 19 || protections, have significantly reduced the number of unprotected 20 residential wireless networks in the State of California and likely 21 across the nation. In my experience, a large majority of residential 22 networks in California are now protected. 23 h. Impediments such as building walls, foliage, and other structures, 24 both natural and man-made, can significantly weaken a wireless Z5 signal, thereby reducing its effective range by as much as 50%. 26 || i. Even if it was ascertained that the infringer’s network was 27 || protected, absent the unlikely scenario that an infringer downloads 28 and watches his pornography in the open or said infringer discloses
os Five | DECLARATION OF JOSHUA CHIN IN SUPPORT OF RESPONSE TO ORDER TO SHOW CAUSE
KLINEDINST PC 501 West Broapway, Suite 600 SAN DIEGO, CALIFORNIA 92101
Case 2:112-cv-08333-ODW-JC Document 108-1 Filed 04/08/13 Page 8of9 Page ID #:2382
ee
his activities to a complete stranger (the investigator), there is still no legal method by which an investigator could with absolute certainty conclude that the identified subscriber was the only person in a residence or commercial building engaged in the downloading of copyrighted materials at any one time. 17. In addition, the time necessary for a traditional investigation greatly | prejudices any copyright owner’s efforts to protect its legal rights in its copyrights.
My research has disclosed that 500,000 movies are illegally distributed around the
oOo ony Dn UN SB WH WP
|| world each day.' The economic detriment to the movie industry alone is estimated 10 || to cost $447 million a year.” Pursuing lawsuits against individuals on the basis of 11 || time-intensive stakeouts, in lieu of available electronic means that provide
12 sufficiently similar, if not identical, information about multiple infringers, is
13 || unreasonable in my expert opinion and not in the best interests of a copyright
14 || owner who is attempting to stem the tide of pervasive piracy.
15 18. By way of example, CNN reported on April 2, 2013, that the recent 16 || season premiere of the award-winning “Game of Thrones” was downloaded by 17 || more than | million viewers on the first day after it had aired. The article goes on 18 |) to state the following: “At one point, more than 163,000 people were
19 |} simultaneously sharing a single torrent — a new record.” The 2012 season finale 20 | of “Game of Thrones,” a one-hour action-adventure show on the pay channel,
21 || HBO, was downloaded by 4.3 million people, and the series in general “was the 22 | most pirated show in 2012.”
23 || (http://money.cnn.com/201 3/04/02/technology/game-of-thrones-piracy/)
24 19. Whereas it would be virtually impossible to deploy 163,000
2 || investigators simultaneously to eavesdrop through windows to identify
vo Uniting to Fight Content Theft,” Ortman, Chris, Boxoffice 148:11 (November
| “ “Piracy or promotion? The impact of broadband internet enetration on DVD 28 || sales,” Smith, Michael D. and Telang, Rahul, School of Infgriaation Systems and Management, Carnegie Mellon University, April 2, 2010.
_Q- DECLARATION OF JOSHUA CHIN IN SUPPORT OF RESPONSE TO ORDER TO SHOW CAUSE
KLINEDINST PC 501 West BroapDway, SuITe 600 SAN DIEGO, CALIFORNIA 92101
Case 2:112-cv-08333-ODW-JC Document 108-1 Filed 04/08/13 Page 9of9 Page ID #:2383
contemporaneously with the swarm who each of the infringers were during the few minutes it would take to complete a download, it would be possible and more practical to identify the infringers through electronic means and subsequent court- sanctioned discovery. For the same reason, electronic investigation of AF Holdings’s and Ingenuity 13’s infringers is likewise, not only within the computer forensic community’s standard of care, but the overwhelmingly most common means of infringer identification.
20. By way of a second example, FOX Studios estimated for Variety
Magazine in May 2009 that its then-new release, “X-Men Origins: Wolverine,”
> © oo ~) ON UN & Ld oo —
—
which had been unlawfully leaked prior to its premiere, was illegally downloaded
11 4.5 million times in a month. BBC News estimated on April 1, 2009, that 75,000
j—— i
copies of the movie had been unlawfully downloaded in a 24 hour period after the
13 || leak. FOX estimated its losses due to this piracy approached $20 million.
15 I declare under penalty of perjury under the laws of the United States of
16 || America that the foregoing 1s true and correct.
18 Executed the Sh day of April 2013 at County of Los Angeles, California.
Joshua*Chin
|| 15508970v1
9. DECLARATION OF JOSHUA CHIN IN SUPPORT OF RESPONSE TO ORDER TO SHOW CAUSE