Slashdot Mirror

Hello ye old purveyor of facts:

Feast thy eyes on this little article then

http://www.theregister.co.uk/2005/11/09/sony_drm_w ho_cares/

I'll quote the most delicious sentence ""Most people, I think, don't even know what a rootkit is, so why should they care about it?" he huffed." as said by The President of Sony BMG's global digital business division Thomas Hesse.

The article also goes on about the damages

And this article

http://www.eff.org/IP/DRM/Sony-BMG/

Also gives some nice info on the Rootkit case.

But you mentioned damages, let's take a look at this article

http://www.securityfocus.com/brief/34

It tells about the ruckus the rootkit caused that made cheating in games such as World of Warcraft a lot more difficult to detect, impossible at that time even (don't know if it can be now), Blizzard probably lost customers over this, they had to program pieces of extra security software like "the Warden" to check for known cheating/botting programs, costs I don't think that will be covered by the nice chaps at Sony.

So don't mind me if I agree with the other poster on the opinion that you are a fanboy, nothing wrong with that, your choice, but don't feign innocence.

http://www.eff.org/legal/cases/Lexmark_v_Static_Co ntrol/20030108_lexmark_v_static_control_components .pdf

There's the ruling. Far as I'm aware it was a copyright misuse decision. They were trying to use copyright to do something other than prevent distribution (lock out competitors). Triviality didn't come into it.

You could always use tor to talk to the tracker.

Not that that is much better, but it is not as bad as it looks. At least it is realy directed at copyrighted material, not at the protocol in itself.

Some information on the tool they most likely will be using and the thoughts about that tool
http://www.eff.org/share/audible_magic.php
http://www.eff.org/share/audible_magic.php?f=audib le_magic_letter.html
http://www.eff.org/share/audible_magic.php?f=audib le_magic2.html

They claim is that they can filter 70%. That means that can't filter 30%. Let's see how fast that 30% becomes 100% and still have the same amount of download.

Not that that is much better, but it is not as bad as it looks. At least it is realy directed at copyrighted material, not at the protocol in itself.

Some information on the tool they most likely will be using and the thoughts about that tool
http://www.eff.org/share/audible_magic.php
http://www.eff.org/share/audible_magic.php?f=audib le_magic_letter.html
http://www.eff.org/share/audible_magic.php?f=audib le_magic2.html

They claim is that they can filter 70%. That means that can't filter 30%. Let's see how fast that 30% becomes 100% and still have the same amount of download.

Not that that is much better, but it is not as bad as it looks. At least it is realy directed at copyrighted material, not at the protocol in itself.

Some information on the tool they most likely will be using and the thoughts about that tool
http://www.eff.org/share/audible_magic.php
http://www.eff.org/share/audible_magic.php?f=audib le_magic_letter.html
http://www.eff.org/share/audible_magic.php?f=audib le_magic2.html

They claim is that they can filter 70%. That means that can't filter 30%. Let's see how fast that 30% becomes 100% and still have the same amount of download.

If you enjoy rolling stones uphill, be my guest. You'll have to block "random" IP addresses all over the planet.

I dunno if you know how TOR works. If not, here you can find the specs. And the program. And the proxy, in case you want to participate and become a proxy, too.

My question would be how it knows you don't have an original copy of the materials in question?

Your answer is that it doesn't matter, they'll come after you anyway.

Are you innocent? They don't care. It's completely irrelevant, because you'll be given a choice: Pay us a couple of thousand dollars and this will be over with, or go hire a lawyer that is much more expensive and defend yourself. Pay attention the the news here, and read up on their tactics. The RIAA/MPAA has a history of going after people that it knows are innocent.

If you choose option #2, you'll waste all kinds of time and money, possibly even face financial ruin as a result of paying dozens of thousands of dollars. In the end, after the RIAA/MPAA's lawyers have extracted as much money from you as they can, the RIAA/MPAA will drop their case. It will all just silently go away, except for the bills from the lawyers.

You've mistakenly assumed that it's all about your guilt or innocence as an individual person. The real point is to keep up appearances for their extortion ring to continue to be effective. The real point is to scare the shit out of people so badly that whether you're innocent or guilty, you'll still pay up.

Let's not fool ourselves, this is organized crime, plain and simple, except that for now, it's still legal. (Organized "Legal," I guess you'd call it.) What can you do about it? Well, if the thought of paying a lawyer to defend you and, if you actually want damages from the RIAA/MPAA for screwing around with you, paying $114,000 to a lawyer (the amount that is at stake in the most famous to date case of Capitol v. Foster), then you need to support organizations dedicated to changing the laws to make this type of extortion illegal. I would suggest the Electronic Frontier Foundation, who has a pretty good record of success, but at the very least, you need to write to your Congresscritters and let them know that the current situation is unacceptable.

The article uses the terms "piracy" and "illegal". That may be libel. It's an explicit accusation of criminal activity where there is none. See SCC vs. Lexmark. As the Court of Appeals for the Sixth Circuit ruled,

Generally speaking, "lock-out" codes fall on the functional-idea rather than the original-expression side of the copyright line. Manufacturers of interoperable devices such as computers and software, game consoles and video games, printers and toner cartridges, or automobiles and replacement parts may employ a security system to bar the use of unauthorized components. To "unlock" and permit operation of the primary device (i.e., the computer, the game console, the printer, the car), the component must contain either a certain code sequence or be able to respond appropriately to an authentication process. To the extent compatibility requires that a particular code sequence be included in the component device to permit its use, the merger and scènes à faire doctrines generally preclude the code sequence from obtaining copyright.

The key concept here is that you can't copyright a working part. Lexmark lost on this one, and third party printer cartridges are thus legal. In fact, Lexmark is facing an antitrust case over this.

Remember folks, although the remote attestation features of TCPA could be used by online services to force you to use a particular "trusted" application/OS stack, locking you in to a configuration like "IE on Vista", that's not why they are there.

The point of TCPA isn't to enforce DRM or strengthen software monopolies. It's all about things that benefit you, like preventing cheating in online games, and... erm... many other things.

TCPA is a misunderstood technology. The EFF, the FSF and security experts are just making a knee-jerk reaction to something that they don't understand. Let me explain:

1. TCPA doesn't take away your ability to run whatever software you want. If every online service requires you to use (say) Vista, and uses TCPA to enforce this, you can just opt out of the Internet entirely and carry on running Linux or .*BSD or whatever. It's your choice.

2. TCPA doesn't spy on you, although it might be used to prevent you modifying software that does. But then you can just opt out of using that software. Again, it's your choice.

So, say yes to TCPA! Like atomic bombs and subdermal RFID chips, the technology isn't inherently evil, and it will certainly never be abused to reduce competition in the software marketplace, preventing free software interoperating with online services.

* AFAIK, making wasteful products is not illegal.

* The antitrust argument might have some merit, but I'm not sure if it is good enough to take to court.

* Finally, I've found a case about DMCA and printer cartridges that has already be decided in court:
http://www.eff.org/legal/cases/Lexmark_v_Static_Co ntrol/20041026_Ruling.pdf
Here, Lexmark failed with a lawsuit against a company that reverse engineered its cartridges.

The current version of Privatunes blanks out the name and Apple ID/email fields from iTunes Plus files, but it doesn't remove all of the fields that Apple, or a litigant subpoenaing Apple, could use to identify a user. There are two of those, marked sign and chtb, which I posted about here.

There are some other differences between copies of a track purchased by different users, but they're only a byte or three here and there. Probably still worth blanking. vbindiff on *nix (or a similar hexdiff program for other platforms) will show you these fields.

From the summary (with emphasis added):

"Last month's revelations that the DRM-free files sold by EMI on iTunes Plus came with user's full name and account e-mail embedded in them had raised serious privacy concerns."

Serious privacy concerns? You want serious concerns, subscribe to the EFF's mailing list. If Apple was embedding your credit card or social security number in the file, that'd be serious. Or did you perhaps mean to write "raised ridiculous privacy concerns"?

They've been using AT&T's electricity for that. http://www.eff.org/news/archives/2007_06.php

I'm guessing it's analysis and decryption they'd be doing on their own dime.

But there are tons of great short clips that are commercially owned. 99% of my YouTube visits pre-Google acquisition were for clips of old cartoons, music videos and bits from news and TV shows.

These days, on one end there is huge negative buzz among content owners against YouTube and on the other end Google is scrambling to make tools to automate content removal and make it more accurate and efficient. The founders are insisting that the attraction of YouTube has always been skateboarding dog and burping baby videos.

With most of the good stuff getting yanked YouTube is quickly becoming useless. You can't even view important historical events or pop culture items there anymore. All that will remain by next year will be a bunch of self-absorbed jerks with webcams.

Only people against the president have been claiming this is wantum spying on regular people.

Nothing could happen in Iraq or Afghanistan to end the war on terror. Those are just two little corners of the world. We are not going to eliminate the risk of another attack against the US, ever. Total security is a myth. We don't need Presidents for the next 20 years claiming arbitrary authority based on some vague resolution passed in the panic right after 911, when it seemed possible that a larger enemy capable of waging a sustained campaign against us might exist.

ICBM : Intercontinental ballistic missile .

you may donate that $100 to EFF http://eff.org/ :-)

on a more serious note though : just because they can't use the codes , doesn't mean there is no threat in it .
In matters like this , it's better to be paranoid . If thisq can happen , they are not paranoid enough .

That only works if you do business in Finland. If you do business in just about any other country (particularly in the US) the judge is going to look at you funny and tell you that you have a fool for a lawyer.

IAmNotALawyer; I just argue with them. The DMCA says

a technological measure "effectively controls access to a work" if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.

So, on what basis would you argue that decoding a DVD "requires the application of information, or a process or a treatment, with the authority of the copyright owner"?

Here's how I submitted the story a few days ago:

At Volokh, Professor Orin Kerr notes a 6th circuit decision (pdf) about whether the 4th Amendment's expectation of privacy applied to Yahoo emails. Yes. Wired has more. EFF's friend of the court brief may have helped.
--
Meanwhile Dr. Kerr has more on the case, here.

I thought this balanced out to "States Secret", or better put, "You get privacy until we decide you don't need it"

http://www.eff.org/legal/cases/att/

Unlike ISPs, which have either knuckled under or put up a very weak defense of their users,

But please leave me (as an adult) the option to view all images.

Don't miss out on this great offer! act now and save!

Just another reminder to geeks with bucks, please donate to The EFF who filed am amicus brief on this subject. This group does a great job of educating these judges, and without them the government would likely stomp all over the constitution without opposition.

Anyway, that '100's of billions of dollars' comment annoys me because ...
"The total annual gross revenues of the music industry today are estimated at $11 billion."http://www.eff.org/share/collective_lic_w p.php

So the music industry is just bullshitting to be talking about loses that are an order of magnitude higher than the total industry gross. While if you want to talk about Hundreds of Billions being stolen we should talk about things like insurance fraud, corporate embezzelment, and public corruption.

"White-collar crimes cost the United States more than $300 billion annually according to the FBI."http://www.karisable.com/crwc.htm

So guess what's coming...

Content Protection and Copy Management (documents, EFF critique) a sort of super-DRM that applies not only to a single TV receiver, but pervades every device to which the protected content might be copied. Although there are reassuring words about this regime only applying to "premium" content, all the mechanisms are there to disable recording, restrict the number of devices having access to the content simultaneously and cause the content to evaporate after a certain period of time. So the broadcasters are clearly thinking about how to preserve their income stream.

Of course, we shouldn't be surprised, even public broadcasters are getting addicted to rights-management. Although you can make a perfectly good permanent copy of an off-air MPEG programme stream from any BBC broadcast, if you're part of the BBC's iPlayer pilot you donate your Internent bandwidth to their P2P service and in return receive a Windows Media file of the same programme at one quarter of the resolution which self-destructs 7 days after you first play it. It's not quite clear who this is protecting now, but it's not a great leap to suggest that unencumbered recording is now seen as an historic error by the controlling suits.

Of course, if you want TV programmes in their traditional sense, they have to be paid for somehow. The BBC, despite their current DRM frenzy, are guaranteed an income from the TV licence fee (or at least until the government decides otherwise). Advertising revenue is, though, inexorably dropping. In the UK the rules for commercial broadcasters were relaxed to permit sponsorship and, in future, product placement, but that's not going to make a huge difference to lower-profile content. There's also been a major scandal over the use of premium-rate phone lines which have been used to supplement the income stream of a wide range of programmes under the flimsy pretext of "interactivity". So the advertising model may well be doomed.

There are payment models which continue to work: pay per view (the traditional cinema model), subscription (eg cable, satellite) and the reviled but suprisingly resilient TV licence. If advertising-supported TV no longer makes economic sense, it might mean the end of broadcast TV as it's know in the USA, but it's not necessarily the end of broadcast TV in countries which have other ways of funding free-to-air television.

I suspect that applying DRM to try to shore up a declining industry is more likely to kill it off quickly, though!

Why is it people can't stop making fun of Ted Stevens? Sure, he made a poorly worded analogy. Big deal - the internet had been compared to plumbing before, would you like to rag on these guys too?

What I find most disgusting though is even though this one event seems ingrained in geek memory, these same geeks conveniently forget when Ted Stevens came out on our side. Personally, I think Americans would be better off if you had more politicians like him in office.

faster then NYCL ;-)
texas it was
In re Cases Filed by Recording Companies, W.D. Texas, Austin Division (2004)
http://www.eff.org/IP/P2P/RIAA_v_ThePeople/2004111 7_austin_severance_order.pdf

I'm looking at the links you sent, and comparing them to the EFF page, on HR 811 and I think you are being misled.

The Brad Blog you link to has a porn ad at the top, a bunch of attempts to discredit people by assocation, and poorly photoshopped heads of various villains. Their article on the bill doesn't say anything bad about the bill itself: It just says that it isn't as good as the original bill that was proposed. That's not a reason to vote against the bill. In some cases it directly conflicts with the EFF's reading of the bill. Brad's blog says that HR 811 "prohibits" disclosure of the source - while the EFF's reading says it "allows" disclosure if the states choose to do so, which is no worse than what we have now. I believe the EFF reading is correct.

The Election Defense Alliance page makes a good use of red, white, and blue colors to look patriotic. But they seem to do nothing other than name calling using things like "The Patriot Act of Elections" which doesn't add any meaning to the discussion. I suspect that this page is a phony grassroots page. For example, in their Article on HR 811 under section 7 they explain how releasing the source code doesn't improve security. Any Slashdot reader can see through this logic. Several of the points in the article are listed under the "misconceptions and misrepresentations" section of the EFF article. That is another reason I suspect the Election Defense Alliance articles to be phony - they seem to be scaremongering.

I'm looking at the links you sent, and comparing them to the EFF page, on HR 811 and I think you are being misled.

The Brad Blog you link to has a porn ad at the top, a bunch of attempts to discredit people by assocation, and poorly photoshopped heads of various villains. Their article on the bill doesn't say anything bad about the bill itself: It just says that it isn't as good as the original bill that was proposed. That's not a reason to vote against the bill. In some cases it directly conflicts with the EFF's reading of the bill. Brad's blog says that HR 811 "prohibits" disclosure of the source - while the EFF's reading says it "allows" disclosure if the states choose to do so, which is no worse than what we have now. I believe the EFF reading is correct.

The Election Defense Alliance page makes a good use of red, white, and blue colors to look patriotic. But they seem to do nothing other than name calling using things like "The Patriot Act of Elections" which doesn't add any meaning to the discussion. I suspect that this page is a phony grassroots page. For example, in their Article on HR 811 under section 7 they explain how releasing the source code doesn't improve security. Any Slashdot reader can see through this logic. Several of the points in the article are listed under the "misconceptions and misrepresentations" section of the EFF article. That is another reason I suspect the Election Defense Alliance articles to be phony - they seem to be scaremongering.

While I think this issue is important, I personally haven't had the time to devote to really look at all the angles. I do know that this bill is supported by the EFF, computer scientist and e-voting critic Prof. Ed Felten and Ars Technica among a vast number of others. While the bill is by many accounts imperfect, the provisions for auditing and verification are a vast improvement on the current state of affairs, where we use black box machines and can have no confidence that our votes are tallied as they were cast. So I support the bill.

I think there's a reasonable argument to be had about whether we aren't better off just using paper (for reasons of transparency), but the point is that that argument can be had completely independantly of this bill. This bill clearly improves the current situation with electronic voting machines (DREs), and has no effect on whether or not you have to use DREs. From the EFF pages in support of H.R. 811:

An outright ban on DREs may or may not be possible with this Congress, but it is irrelevant to whether or not this bill should pass. Rep. Holt's strategy -- to convince Congress of the need to improve transparency in U.S. elections, regardless of technology -- is a sound one, one that many volunteers have expended extraordinary efforts to bring to fruition and one that could be on the verge of succeeding. Nothing has prevented or currently prevents now-vocal critics who are calling for an outright DRE ban from going through the process of drafting the appropriate legislative proposal and then soliciting the necessary support for it. But attempting to derail or hijack HR 811 as a vehicle to ram through an unlikely-to-pass DRE ban unnecessarily risks the passage of other important substantive requirements. And once again, nothing in HR 811 prohibits states from limiting the use of DREs of any kind or banning them altogether.

Moving to defeat this bill because you oppose electronic voting is foolish. It is a situation the perfect being the enemy of the good. This is something activists on many issues fall prey to that keeps them from being effective.

While I think this issue is important, I personally haven't had the time to devote to really look at all the angles. I do know that this bill is supported by the EFF, computer scientist and e-voting critic Prof. Ed Felten and Ars Technica among a vast number of others. While the bill is by many accounts imperfect, the provisions for auditing and verification are a vast improvement on the current state of affairs, where we use black box machines and can have no confidence that our votes are tallied as they were cast. So I support the bill.

I think there's a reasonable argument to be had about whether we aren't better off just using paper (for reasons of transparency), but the point is that that argument can be had completely independantly of this bill. This bill clearly improves the current situation with electronic voting machines (DREs), and has no effect on whether or not you have to use DREs. From the EFF pages in support of H.R. 811:

An outright ban on DREs may or may not be possible with this Congress, but it is irrelevant to whether or not this bill should pass. Rep. Holt's strategy -- to convince Congress of the need to improve transparency in U.S. elections, regardless of technology -- is a sound one, one that many volunteers have expended extraordinary efforts to bring to fruition and one that could be on the verge of succeeding. Nothing has prevented or currently prevents now-vocal critics who are calling for an outright DRE ban from going through the process of drafting the appropriate legislative proposal and then soliciting the necessary support for it. But attempting to derail or hijack HR 811 as a vehicle to ram through an unlikely-to-pass DRE ban unnecessarily risks the passage of other important substantive requirements. And once again, nothing in HR 811 prohibits states from limiting the use of DREs of any kind or banning them altogether.

Moving to defeat this bill because you oppose electronic voting is foolish. It is a situation the perfect being the enemy of the good. This is something activists on many issues fall prey to that keeps them from being effective.

The Electronic Frontier Foundation has written an analysis of this bill that is very useful, quick to read, and well... correct.

http://www.eff.org/deeplinks/archives/005308.php

I have been following the issue of election theft and computerized voting very closely for years, and I say that this bill is our best hope of fixing the elections system. It isn't perfect but compared to what we have now it is an incredible improvement. I'm also not claiming that this will fix any of the other ills of our political system, but this is a critical element to saving our democracy. PLEASE PLEASEPLEASEPLEASEPLEASE call or write your representative and beg, plead, implore them to support this bill.

http://www.house.gov/writerep/

What does it do?
Requires voter verified paper ballots. The physical paper ballot is the official legal record of the vote instead of some bits in a Windoze PC.

Requires manual audits of 3-10% of randomly selected precincts. This is by far the most important part of the bill because this is the tool that can be used to detect fraud. Note, audits are currently extremely uncommon even in the cases of recounts or close elections. In many cases audits are impossible because the data needed is lost in the electronic counting process.

Would require release of source code of some portions of the voting software to certain people. Okay obviously this is a compromise between opening the source, trade secret concerns, and the practical fact that MS isn't gonna release the source to Windows or Access, which many of these systems are based upon. Still if Slashdot readers don't get that this is a step in the right direction then no one will.

An easy way to get around the firewall is to install Tor (http://tor.eff.org/) or run your own proxy service (this is how I am getting around it).

News.com has a pretty good article describing the basics of how the firewall works at http://news.com.com/2100-7348_3-6090437.html, while Wikipedia has more technical specs than the News.com article, http://en.wikipedia.org/wiki/Internet_censorship_i n_the_People's_Republic_of_China, as long as you can get to Wikipedia.

Wired News, with help from some readers, attempted to get real answers
from the largest United States-based ISPs about what information they
gather on their customers' use of the internet, and how long they
retain records like IP addresses, e-mail and real-time browsing
activity. Most importantly, we asked what they require from
law-enforcement agencies before coughing up the data, and whether they
sell your data to marketers.

http://www.wired.com/politics/onlinerights/news/20 07/05/isp_privacy

But after negotiations with AT&T, EFF has filed newly unredacted documents describing a secret, secure room in AT&T's facilities that gave the National Security Agency (NSA) direct access to customers' emails and other Internet communications. These include several internal AT&T documents that have long been available on media websites, EFF's legal arguments to the 9th Circuit, and the full declarations of whistleblower Mark Klein and of J. Scott Marcus, the former Senior Advisor for Internet Technology to the Federal Communications Commission, who bolsters and explains EFF's evidence.

"This is critical evidence supporting our claim that AT&T is cooperating with the NSA in the illegal dragnet surveillance of millions of ordinary Americans," said EFF Legal Director Cindy Cohn. "This surveillance is under debate in Congress and across the nation, as well as in the courts. The public has a right to see these important documents, the declarations from our witnesses, and our legal arguments, and we are very pleased to release them."

http://www.eff.org/news/archives/2007_06.php

Open Source needs to find some way to infiltrate corporate America, because these bastards are really giving it to us in the ass. Then again, that's just good business, and 99% of the people seem to like it.

I guess I should just admit I think democracy and capitalism are as insane as communism and autocracy.

[ http://www.eff.org/news/archives/2007_06.php#00530 4 ]

This is not surprising in the least. AT&T has a dishonourable history of sticking it to the consumer whenever anyone asks them to.

Most notable is the current lawsuit against them alleging collusion with the NSA in massive illegal domestic wiretapping.

Sponsored by AT&T

You mean "the new at&t" don't you? It's lowercase now so it's less threatening!

...to the NSA

Here you go!

http://www.eff.org/deeplinks/archives/005292.php

It turns out that the things that were so interesting before turned out to be a JPEG image of the album art and some meta data that iTunes uses to jump around in the song. They do mention that each song appears to be signed though.

This guy is a public figure. In order to successfully claim libel, he must prove malice. An algorithm can't have malice against him in particular.

This guy is a public figure. In order to successfully claim libel, he must prove malice. An algorithm can't have malice against him in particular. This guy is out of his depth. To paraphrase an old saying in the legal profession, a lawyer who represents himself is an idiot.

Maybe, if you're an idiot and don't take the proper steps. For example, if you go through Tor or I2P or some other anonymizing network you should be okay. Matter of fact, I predict a huge spike in the size of such networks. Mark my words, folks, the term Onion Router is about to become part of the popular lexicon.

Let's hope they scale well.

EFF is already suing AT&T, so if anybody ever wanted to support them, now is the perfect time to send in a donation. If there's anybody who even has a chance at winning against the government (or their corprorate slaves) then I think EFF are the ones.

I think the best a savvy 'net user can do these days is to give up on the hope that someone else is going to protect you and take matters into their own hands. That's why projects such as Tor are so important, not just for Chinese dissidents and child pornographers, but for average citizens like you and me who might not want the whole world to know that we are buying books on dealing with grief or surfing internet dating sites. Because we can't rely on the government to protect us when the interests of Big Business run counter to our own.

You: We can beat city HALL! Wahhhh!

Seriously, when did RIAA proove THEY are not in violation of law with those spurious law suites of theirs?
I suggest we at least try to defend ourselves from abusive legal practices! Who's to say the practices of RIAA is not more destructive than file sharing - which has shown to actually increase music sales and artist recognition to a former buying audience!

Maybe, instead of suing people for all they are worth, a simple ethics class in primary school would ensure that any music downloaded and enjoyed would be purchased. That's high quality economics - not the pseudo date rape tactics of RIAA and similar organizations!

References:
1) http://www.cs.princeton.edu/~felten/boorstin-thesi s.pdf
2) http://arstechnica.com/news.ars/post/20070212-8813 .html
3) http://www.eff.org/IP/DMCA/Felten_v_RIAA/
4) http://www.heritage.org/Research/InternetandTechno logy/bg1790.cfm


nuff said, cheers!