The RIAA launched a new website recently: P2P Lawsuits. It's a one stop shop for anyone who has been sent a letter from the RIAA. They make it nice and easy to pay them their extortion... er, settlement money.
The most interesting part of the site, I think, is their FAQ.
In particular, I like this question the most:
Q: If I have Wi-Fi at home, how can you be sure it was me who did the downloading?
A: The fact that a wireless connection is involved does not mean that the individual engaging in copyright infringement cannot be identified. Cases are routinely pursued where a wireless connection is involved.
This is a total lie.
From the data that they have collected (essentially, logging onto a p2p network and downloading one or more files from you) - they have absolutely no way to know which computer in your house, or worse, which computer in your apartment building was using the Internet connection.
If you are dumb enough to accidentally share your home movies/homework folder too, and they download your World History final exam - then they may be able to claim that you are the evil-file sharer.. However, with just an IP address, they don't have anything.
Why are they lying? Because by stating this, they may get people to settle who would otherwise have a pretty reasonable defense.
Yes, there have been timing attack papers in the past few year (Kohno et all, in particular), and there are ways of fingerprinting a remote OS, even passively. However, none of these techniques will reveal which specific computer was using a wifi connection.
The RIAA are liars. Plain and simple.