Slashdot Mirror

Granted _we_ all know the conclusion is obvious, but how many media exec's read Slashdot? We should thank the Frank Rich for the article and hope that it lights some idea bulbs in the massholes (marketing assholes) in the various "industry associatios". If to steal "content" (and I don't care for the word steal, as the cartels put it; they are really stealing from us) or to pay marks a consumer as "discriminating," then so be it. It's about time _someone_ gives _credit_ to "consumers" being "discriminating."

There's no video game rating similar to NC-17...

What about Adults Only? Content suitable only for adults. May include graphic depictions of sex and/or violence. Not intended for persons under the age of 18.

The way I see it, the M ESRB rating is closer to an R movie rating since both recommend being 17 or older.

You just don't see either the NC-17 or Ao rating that often since some stores don't carry either.

The RIAA needs to learn from the movie industry. Any really popular film that's on DVD can be found on Kazza, yet DVD sales are huge. The reason is DVD's contain tons of extras that can't be easily pirated and shared along with the movie.

That may be a reason but I don't know that it's the reason. The reason I have never bothered to download a single movie from a P2P network is because I don't care for watching it on my monitor. Plain and simple.

Music can easily be downloaded and burned to a CD and used in the same manner as if you bought the legal CD. With movies on the other hand it is not as simple to get the movie to your TV screen -- it can definitely be done, just not as easily as the equivalent with music.

Once DVD burners start coming standard with computers you will see a sharp increase in the number of films downloaded, I'm sure. And then we'll see if the MPAA doesn't raise a stink.

If Hilary Rosen did not make the policy, who did? Which particular people should we know about who are pulling the strings?

President Cary Sherman? The board of directors? Jack Valenti of the MPAA?

A smattering of opinions may be found linked to here. What exactly is aberrational behavior (page 5)?

As a poster noted on IMDB, the Wicker Man is probably the only movie that's ever been rated X (left unrated, essentially the same thing when it comes to movie-house or Blockbuster distribution) for its ideology: the Pagans aren't the bad guy, the Christian is.

So you've got a situation where the studios begin self-censoring, not producing movies with "controversial" stances, because they know an unkind rating will stifle distribtion. (Freedom of speech? You naive bastard! You had *fun* in high school civics, didn't you?)

to the courts.

Remembering that most lawyers and judges are not all that knowledgable about programming, SCO could use 80 lines of plagerism to claim that there is a much deeper pattern of copying and paraphrasing going on (disregarding the fact that the vast majority of kernel contributers have had no access to propietary kernel code of any type). And the courts are influenced by the political environment of the time.

I've begun to view the underlying issue here as not one of SCO's ownership of particular code, but more an issue of ownership in general. There is a school of thought that believes that ownership is a neccessary aspect of all things and that things (objects, ideas, actions) only have value if they are paid for. This philosophy has been touted by such notables as Thomas Hobbes, John Locke, Ronald Reagan, George W Bush and his father. For the user base of GNU/Linux to not see this lawsuit as the beginning of yet another battle in the struggle to curtail the free distribution of ideas (source code are ideas) among men and women would be a mistake. If SCO were to convince the court that the 80 lines of code somehow bestowed upon the Linux kernen a taint (trade secrets) that cannot be removed, then the court may be conned into believing that the kernel is in part owned by SCO and that the distribution of the code and/or binaries should be accompanied by the paying of royalty. In addition, there has been an increasing attitude towards Free Software and Open Sourse that these ideas somehow endanger the economy of the United States (ask around, you'll see what I mean).

The difficulties that Free Software and Open Source Software pose to implementation of manditory DRM (censorship )is interpeted as a threat to not only to the distributers of movies and music but also to the political and law enforcement industries that see media as a way to shape the opinions, ideas and beliefs of the American citizenry. For an example we need only to look at the media coverage of the 2000 presidential election results and the lack of criticism over the courts refusal to mandate a meaningful recount and the subsequent appointment of a George W. Bush by 5 Supreme Court Justices.

An other example would be the casting of the DeCSS code as a "piracy tool" by virtually every news source covering the dispute, when in fact, DVDs can and are pirated without the use of the DeCSS code by software that incorporates licensed code provided by the DVD makers (Expert Guides' DVD Copy. There has been little noise from the MPAA over this tool or software like it, and no mention of such software in media coverage of the DeCSS case.

If the courts are affected by a political stance that views Free Software as somehow being "bad" (for the economy, for national security, etc), then this case is not about 80 lines of code, but about Free Software in general. If the case is decided in favor of SCO, the court may decide on a remedy that is not as simple as removing the offending code.

--ptw

to the courts.

Remembering that most lawyers and judges are not all that knowledgable about programming, SCO could use 80 lines of plagerism to claim that there is a much deeper pattern of copying and paraphrasing going on (disregarding the fact that the vast majority of kernel contributers have had no access to propietary kernel code of any type). And the courts are influenced by the political environment of the time.

I've begun to view the underlying issue here as not one of SCO's ownership of particular code, but more an issue of ownership in general. There is a school of thought that believes that ownership is a neccessary aspect of all things and that things (objects, ideas, actions) only have value if they are paid for. This philosophy has been touted by such notables as Thomas Hobbes, John Locke, Ronald Reagan, George W Bush and his father. For the user base of GNU/Linux to not see this lawsuit as the beginning of yet another battle in the struggle to curtail the free distribution of ideas (source code are ideas) among men and women would be a mistake. If SCO were to convince the court that the 80 lines of code somehow bestowed upon the Linux kernen a taint (trade secrets) that cannot be removed, then the court may be conned into believing that the kernel is in part owned by SCO and that the distribution of the code and/or binaries should be accompanied by the paying of royalty. In addition, there has been an increasing attitude towards Free Software and Open Sourse that these ideas somehow endanger the economy of the United States (ask around, you'll see what I mean).

The difficulties that Free Software and Open Source Software pose to implementation of manditory DRM (censorship )is interpeted as a threat to not only to the distributers of movies and music but also to the political and law enforcement industries that see media as a way to shape the opinions, ideas and beliefs of the American citizenry. For an example we need only to look at the media coverage of the 2000 presidential election results and the lack of criticism over the courts refusal to mandate a meaningful recount and the subsequent appointment of a George W. Bush by 5 Supreme Court Justices.

An other example would be the casting of the DeCSS code as a "piracy tool" by virtually every news source covering the dispute, when in fact, DVDs can and are pirated without the use of the DeCSS code by software that incorporates licensed code provided by the DVD makers (Expert Guides' DVD Copy. There has been little noise from the MPAA over this tool or software like it, and no mention of such software in media coverage of the DeCSS case.

If the courts are affected by a political stance that views Free Software as somehow being "bad" (for the economy, for national security, etc), then this case is not about 80 lines of code, but about Free Software in general. If the case is decided in favor of SCO, the court may decide on a remedy that is not as simple as removing the offending code.

--ptw

Costs Associated with Implementing Portable Numbers, by percent:

10% Tecnical Implementation
90% Lost Business

In other words, "our business model is threatened by new technology, lets lobby to have our business model mandated by law."

Prior Art:

MPAA
RIAA
Microsoft

"Or maybe we should sue someone."

Prior Art:

SCO

Anyone see a trend in the corporate culture?

It's amazing the type of logic they use. For example, they cite the rampant piracy in the Asian market for the reason Phantom Menace performed lower than expected there. Didn't anyone stop to think that, perhaps, maybe they just figured out it wasn't a very good movie? ;)

Don't Steal Music

Okay, fair enough. But what about copying, which is all these people are/were doing?

Overloading words like "stealing" at the request of nasty anti-freedom companies is just a tool for them to screw us over even more.

Language is power.

Since the 1960's, the intelligence community> has used private corporate contractors, such as Wackenhut, The Curry Company, Scientologythe Music Corporation of America (The Curry Company's parent corporation), and the Mafia to gather information and diseminate disinformation. The changing nature of the information economy, due to the internet and Free Software, threatens the quite lucrative monopoly on information and populace control (hence the recent activities of the RIAA and the MPAA).

It seems to me that the Intelligence Community and the private contractors, who have seen thier profits dwindle since the end of the cold war, seek more to control IT in order to both increase thier ability to monitor the daily lives of private citizens, and to limit the access to information that may inform us about thier covert activities.

The concern of the CIA over technology is not one of information gathering, but one of information, and populace, control.

Box office sales in the US in 2002 came to $9,519m. Ticket sales in the UK in 2002 totalled £812m for the same period - about $1,300m. So the UK market is about 14% the size of the US market. No-one's going to give that up in a hurry.

Ultimately, I think that this will hurt everybody: the big Hollywood studios, the UK studios, and the independents, since 50% of a 33 cent ticket price is only 16.5 cents. At that rate, even if everyone in the United States (population is approx. 280 million) saw a film, it would only pull in 46.2 million.

I think you miss the point about demand pricing. Stelios isn't selling all his tickets at 20p. The price varies with demand. So if you book months ahead for an unpopular film on an unpopular date, you'll likely pay 20p. But if you decide last minute on a Friday evening to go see the latest blockbuster, you'll pay closer to £5. Twenty pence is the minimum; £5 is the maximum.

• Rep. Robert Wexler, D-Fla.: enemy in favor of RIAA/MPAA hacking your computer
• Rep. Tom Feeney, R-Fla.: enemy taking money from Disney

While I like the article, it doesn't link to anything for the reader to make their own comparison.

The EFF has a Super-DMCA archive, with analyses, the templates the MPAA gives to state legislatures, and info on the individual states.

The MPAA has an anti-piracy statement, and press releases relating to legislation , but I was unable to find anything specifically discussing these particular laws after a brief search.

While I like the article, it doesn't link to anything for the reader to make their own comparison.

The EFF has a Super-DMCA archive, with analyses, the templates the MPAA gives to state legislatures, and info on the individual states.

The MPAA has an anti-piracy statement, and press releases relating to legislation , but I was unable to find anything specifically discussing these particular laws after a brief search.

Assuming there are such, as it's currently being hit with a DoS. I think it's the first time a website has deserved a /.'ing. I can think of some others

A clean needle suggests allowing them a safe place to get their fix, not preventing them from doing so (making them have to think up more stealthy/ingenius methods of hacking).

I think a clean needle would run more along the lines of the previously mentioned - give them a proper place to hack. Let them hack a home server, or a site intented to be hacked. I can suggest several sites that seem to be in demand for a good hacking

You didn't get the memo? There is no more fair use for anything electronic any more.

They're losing their Whack-A-Mole game with the true pirates. As a result, they're getting frustrated. They are bound and determined to take their frustrations out on the little guy and want to extend legislation.

Yeah, Hollywood is fucked. Royally. The big media conglomerates (you can't even call them 'studios' any longer) have co-opted "independent" as a marketing device . . . but there are some real indie studios out there, with people who love the material, love the process of bringing it to life, and create great work. It's just hard to find right now, is all.

Umm, does no one watch it because it's hard to find? Or is it hard to find because no one watches it? 99.9% of independent film is horrible, horrible crap. (Not to mention the fact that "independent" film can range from mom's home movies to The English Patient.)

But really, it's not THAT hard to find. Most major cities have film festivals. There are a million of them. Each with a Web site, so it's not hard to get information about them either. Not to mention channels like the Sundance channel, the IFC, iFilm.com and other online distributors of independently produced content.

The age of the studio's independent-film-as-marketing-tool came and went in like 1998. No one thinks of Miramax or Fox 2000 as "indie" anymore. In any event, it's just branding. If the studios are taking an interest in supporting independent film either by cofinancing or distributing, what's wrong with that? These are films that never may have reached an audience otherwise, or even worse, never been made at all without the support of someone in the studio system who wanted to help.

So I guess I'm not sure what you're saying by "Hollywood is royally fucked"?

Do you mean creatively? Do you REALLY think Hollywood is pumping out more crap now than ever before? I mean, horrible Hollywood filmmaking is nothing new-- it's just that no one talks about the really bad crap. It's just filtered out of our collective memories over time.

Do you mean financially? The entertainment industry is traditionally recession-resistant, and 2002 was a $9.5 BILLION year in theater sales alone according to the MPAA (obligatory boo, hiss!).

Do you mean morally? Well, yeah okay, maybe the MPAA are a pack of clueless weasels, but are the Hollywood films themselves of less upstanding content? People have been saying that films have corrupted the youth for generations. Somehow I don't think this is what you were getting at.

The only valid argument I can see is that Hollywood has a lot of competition now. It's easier than ever to make a movie, and independently produced films and videos have the potential to kick Hollywood's ass because they have the potential to be as good as many studio films.

And yes, the Oscar ratings keep slipping. Yes, the computer gaming industry still beats the film industry in annual profits... I don't wanna turn into Jack Valenti here, but how do you mean Hollywood is fucked exactly?

And guess who's out front waving the flag of support for this?

The MPAA and RIAA are not police forces!

look up some DJ Demo Tapes

DJ demo tapes usually contain continuous mixes of copyrighted recordings of copyrighted songs, and because there's not as much of an "open source" community in songwriting as in programming, most songs ("song" in copyright law refers to the melody independent of any recording thereof) are not published under a license allowing free redistribution of recordings.

movie trailers

This could work. I'd assume that at least one of the seven major American motion picture studios would be happy to let you mirror advertisements for its movies. Just ask first.

look for serious abandonware sites

Strictly, copyright lasts ninety-five years, but the fact that the copyright owner has allowed the program to fall out of print may constitute an admission that the work has negligible market value, and market value is one of the four primary factors of fair use.

host linux distros

This should work. However, you should look closely at the license for the distribution; some distributions of free operating systems (such as Theo de Raadt's official OpenBSD) copyright the directory structure of the distro CD and do not license it for free redistribution.

watch /. and wget/archive the referenced web sites with a distinctive name, then posting a link in the /. discussion with the filename (would be coolest if you had it on several p2p networks)

This can actually be legal in the USA under the proxy and caching exemptions passed as riders to the DMCA.

Valenti hates this alliance. That's the best endorsement I've seen yet!

how did the propsed legislation even come to be without the support of any of these major companies?

When Jack Valenti opens his mouth, unfortunately a lot of people in government listen because the MPAA has a ton of money.

The truth is, games these days should be rated.

The truth is, most games HAVE had ratings on them since today's 11-year-olds were in diapers. What's being proposed here is federal legislation making it a crime to sell games with certain ratings to children.

There's no need for this. The same rulings that upheld states' and cities' power to prevent mature books and films from being sold to children, common sense says, also apply to video games.

Why did the movie industry adopt the system of ratings we have now? To hear Jack Valenti tell it, it was so that the government would NOT interfere. Similarly, the government should not interfere here either.

games these days should be rated.

The Internet's Achilie's heel is it's awesome complexity and size. The result is that it's very east for a group to appear, do damage, and then disappear, and never be traced. Worse still, the ease with which this can be done is itself an incentive - a downtime of DNS, or of a Microsoft server, or of Yahoo, is seen as unimportant, easy, and untracable, and people - for whatever reasons, be they sociopathic, vengeful, curious, or egocentric - are attracted to perform these kinds of acts.

It's difficult for any reasonable person to know where to begin solving these issues. Traditionally, nailing down machines and networks so they are more secure has been seen as the best approach, but there's little anyone can do about having bandwidth used up by unaccountable "hacked" machines, as is seemingly more and more the modus-operandi.

Attempts to trace crackers are frequently wastes of time, and stiffer penalties for hackers are compromised by the fact that it's hard to actually catch the hackers in the first place. The situation is made worse that many of the most destructive hackers do not, themselves, set up anything beyond sets of scripts distributed to and run by suckers - so-called "script kiddies".

Given that hackers usually work by taking over other machines and coopting them into damaging clusters that can cause all manner of problems, less focus than you'd expect is put onto making machines secure in the first place. The responsibility for putting a computer on the Internet is that of a system administrator, but frequently system administrators are incompetent, and will happily leave computers hooked up to the Internet without ensuring that they're "good Internet citizens". Bugs are left unpatched, if the system administrators have even taken the trouble to discover if there are any problems in the first place. This is, in some ways, the equivalent of leaving an open gun in the middle of a street - even the most pro-gun advocates would argue that such an act would be dangerously incompetent. But putting a farm of servers on the Internet, and ignoring security issues completely, has become a widespread disease.

There is a solution, and that's to make system adminstrators responsible for their own computers. An administrator should be assumed, by default, to be responsible for any damage caused by hardware under his or her control unless it can be shown that there's little the admin could reasonably have done to prevent their machine from being hijacked. Clearly, a server unpatched a few days after a bug report, or a compromise unpatched that has never been publically documented, is not the fault of an admin, but leaving a server unpatched years after a compromise has been documented and patches have been available certainly is. Unlike hackers, it is easy to discover who is responsible for a compromised computer system. So issues of accountability are not a problem here.

Couple this with suitably harsh punishments, and not only will system administrators think twice before, say, leaving IIS 4 out in the wild vulnerable to NIMDA, but hackers too - for the same reasons as they avoid attacking hospital systems, etc - will think twice about compromising someone else's system. Fines for first offenses and very minor breaches can be followed by bigger deterents. If you were going to release a DoS attack into the wild, but knew that the result would be that many, many, system administrators would be physically castrated because of your actions, would you still do it?

Of course not. But even if you were, the fact that someone has been willing to allow their system to be used to close the DNS system, or take Yahoo offline, ought to be reason enough to be willing to consider such drastic remedies. Castration may sound harsh, but compared to modern American prison conditions, it's a relatively minor penalty for the system administrator to pay, and will merely result in discomfort combined with removal from the gene-pool. At the same time, such an experience will ensure that they take better care of their systems in future, without removing someone who might have skills critical to their employer's well being from being taken out of the job market.

The assumption has always been made that incompetent system administrators deserve no blame when their systems are hijacked and used for evil. This assumption has to change, and we must be willing to force this epidemic of bad administration to be resolved. Only by securing the systems of the Internet can we achieve a secure Internet. Only by making the consequences of hacking real and brutal can we create an adequate response to the notion that hacking, per-se, is not wrong, that it causes no damage.

This quagmire of people considering system administrators the innocents in computer security when they are themselves the most responsible for problems and holes will not disappear by itself. Unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.

You can help by getting off your rear and writing to your congressman or senator. Write also to Jack Valenti [mpaa.org], the CEO and chair of the MPAA, whose address and telephone number can be found at the About the MPAA page. Write too to Bill Gates, Chief of Technologies and thus in overall charge of security systems built into operating systems like Windows NT, at Microsoft. Tell them security is an important issue, and is being compromised by a failure to make those responsible for security accountable for their failures. Tell them that only by real, brutal, justice meted out to those who are irresponsible on the Internet will hacking be dealt with. Tell them that you believe it is a reasonable response to hacking to ensure that administrators who fail time and time again are castrated, and that castration is a reasonable punishment that will ensure a minimal impact on an administrator's employer while serving as a huge deterent against hackers and against incompetence. Tell them that you appreciate the work being done to patch servers by competent administrators but that if incompetent admins are not kept accountable, you will be forced to use less and less secure and intelligently designed alternatives. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how poor security harms all three. Let your legislators know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on their policies concerning maladministration of computer systems connected to the public Internet.

You CAN make a difference. Don't treat voting as a right, treat it as a duty. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.

The Internet's Achilie's heel is it's awesome complexity and size. The result is that it's very east for a group to appear, do damage, and then disappear, and never be traced. Worse still, the ease with which this can be done is itself an incentive - a downtime of DNS, or of a Microsoft server, or of Yahoo, is seen as unimportant, easy, and untracable, and people - for whatever reasons, be they sociopathic, vengeful, curious, or egocentric - are attracted to perform these kinds of acts.

It's difficult for any reasonable person to know where to begin solving these issues. Traditionally, nailing down machines and networks so they are more secure has been seen as the best approach, but there's little anyone can do about having bandwidth used up by unaccountable "hacked" machines, as is seemingly more and more the modus-operandi.

Attempts to trace crackers are frequently wastes of time, and stiffer penalties for hackers are compromised by the fact that it's hard to actually catch the hackers in the first place. The situation is made worse that many of the most destructive hackers do not, themselves, set up anything beyond sets of scripts distributed to and run by suckers - so-called "script kiddies".

Given that hackers usually work by taking over other machines and coopting them into damaging clusters that can cause all manner of problems, less focus than you'd expect is put onto making machines secure in the first place. The responsibility for putting a computer on the Internet is that of a system administrator, but frequently system administrators are incompetent, and will happily leave computers hooked up to the Internet without ensuring that they're "good Internet citizens". Bugs are left unpatched, if the system administrators have even taken the trouble to discover if there are any problems in the first place. This is, in some ways, the equivalent of leaving an open gun in the middle of a street - even the most pro-gun advocates would argue that such an act would be dangerously incompetent. But putting a farm of servers on the Internet, and ignoring security issues completely, has become a widespread disease.

There is a solution, and that's to make system adminstrators responsible for their own computers. An administrator should be assumed, by default, to be responsible for any damage caused by hardware under his or her control unless it can be shown that there's little the admin could reasonably have done to prevent their machine from being hijacked. Clearly, a server unpatched a few days after a bug report, or a compromise unpatched that has never been publically documented, is not the fault of an admin, but leaving a server unpatched years after a compromise has been documented and patches have been available certainly is. Unlike hackers, it is easy to discover who is responsible for a compromised computer system. So issues of accountability are not a problem here.

Couple this with suitably harsh punishments, and not only will system administrators think twice before, say, leaving IIS 4 out in the wild vulnerable to NIMDA, but hackers too - for the same reasons as they avoid attacking hospital systems, etc - will think twice about compromising someone else's system. Fines for first offenses and very minor breaches can be followed by bigger deterents. If you were going to release a DoS attack into the wild, but knew that the result would be that many, many, system administrators would be physically castrated because of your actions, would you still do it?

Of course not. But even if you were, the fact that someone has been willing to allow their system to be used to close the DNS system, or take Yahoo offline, ought to be reason enough to be willing to consider such drastic remedies. Castration may sound harsh, but compared to modern American prison conditions, it's a relatively minor penalty for the system administrator to pay, and will merely result in discomfort combined with removal from the gene-pool. At the same time, such an experience will ensure that they take better care of their systems in future, without removing someone who might have skills critical to their employer's well being from being taken out of the job market.

The assumption has always been made that incompetent system administrators deserve no blame when their systems are hijacked and used for evil. This assumption has to change, and we must be willing to force this epidemic of bad administration to be resolved. Only by securing the systems of the Internet can we achieve a secure Internet. Only by making the consequences of hacking real and brutal can we create an adequate response to the notion that hacking, per-se, is not wrong, that it causes no damage.

This quagmire of people considering system administrators the innocents in computer security when they are themselves the most responsible for problems and holes will not disappear by itself. Unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.

You can help by getting off your rear and writing to your congressman or senator. Write also to Jack Valenti [mpaa.org], the CEO and chair of the MPAA, whose address and telephone number can be found at the About the MPAA page. Write too to Bill Gates, Chief of Technologies and thus in overall charge of security systems built into operating systems like Windows NT, at Microsoft. Tell them security is an important issue, and is being compromised by a failure to make those responsible for security accountable for their failures. Tell them that only by real, brutal, justice meted out to those who are irresponsible on the Internet will hacking be dealt with. Tell them that you believe it is a reasonable response to hacking to ensure that administrators who fail time and time again are castrated, and that castration is a reasonable punishment that will ensure a minimal impact on an administrator's employer while serving as a huge deterent against hackers and against incompetence. Tell them that you appreciate the work being done to patch servers by competent administrators but that if incompetent admins are not kept accountable, you will be forced to use less and less secure and intelligently designed alternatives. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how poor security harms all three. Let your legislators know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on their policies concerning maladministration of computer systems connected to the public Internet.

You CAN make a difference. Don't treat voting as a right, treat it as a duty. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.

It's difficult for any reasonable person to know where to begin solving these issues. Traditionally, nailing down machines and networks so they are more secure has been seen as the best approach, but there's little anyone can do about having bandwidth used up by unaccountable "hacked" machines, as is seemingly more and more the modus-operandi.

Attempts to trace crackers are frequently wastes of time, and stiffer penalties for hackers are compromised by the fact that it's hard to actually catch the hackers in the first place. The situation is made worse that many of the most destructive hackers do not, themselves, set up anything beyond sets of scripts distributed to and run by suckers - so-called "script kiddies".

Given that hackers usually work by taking over other machines and coopting them into damaging clusters that can cause all manner of problems, less focus than you'd expect is put onto making machines secure in the first place. The responsibility for putting a computer on the Internet is that of a system administrator, but frequently system administrators are incompetent, and will happily leave computers hooked up to the Internet without ensuring that they're "good Internet citizens". Bugs are left unpatched, if the system administrators have even taken the trouble to discover if there are any problems in the first place. This is, in some ways, the equivalent of leaving an open gun in the middle of a street - even the most pro-gun advocates would argue that such an act would be dangerously incompetent. But putting a farm of servers on the Internet, and ignoring security issues completely, has become a widespread disease.

There is a solution, and that's to make system adminstrators responsible for their own computers. An administrator should be assumed, by default, to be responsible for any damage caused by hardware under his or her control unless it can be shown that there's little the admin could reasonably have done to prevent their machine from being hijacked. Clearly, a server unpatched a few days after a bug report, or a compromise unpatched that has never been publically documented, is not the fault of an admin, but leaving a server unpatched years after a compromise has been documented and patches have been available certainly is. Unlike hackers, it is easy to discover who is responsible for a compromised computer system. So issues of accountability are not a problem here.

Couple this with suitably harsh punishments, and not only will system administrators think twice before, say, leaving IIS 4 out in the wild vulnerable to NIMDA, but hackers too - for the same reasons as they avoid attacking hospital systems, etc - will think twice about compromising someone else's system. Fines for first offenses and very minor breaches can be followed by bigger deterents. If you were going to release a DoS attack into the wild, but knew that the result would be that many, many, system administrators would be physically castrated because of your actions, would you still do it?

Of course not. But even if you were, the fact that someone has been willing to allow their system to be used to close the DNS system, or take Yahoo offline, ought to be reason enough to be willing to consider such drastic remedies. Castration may sound harsh, but compared to modern American prison conditions, it's a relatively minor penalty for the system administrator to pay, and will merely result in discomfort combined with removal from the gene-pool. At the same time, such an experience will ensure that they take better care of their systems in future, without removing someone who might have skills critical to their employer's well being from being taken out of the job market.

The assumption has always been made that incompetent system administrators deserve no blame when their systems are hijacked and used for evil. This assumption has to change, and we must be willing to force this epidemic of bad administration to be resolved. Only by securing the systems of the Internet can we achieve a secure Internet. Only by making the consequences of hacking real and brutal can we create an adequate response to the notion that hacking, per-se, is not wrong, that it causes no damage.

This quagmire of people considering system administrators the innocents in computer security when they are themselves the most responsible for problems and holes will not disappear by itself. Unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.

You can help by getting off your rear and writing to your congressman or senator [senate.gov]. Write also to Jack Valenti, the CEO and chair of the MPAA, whose address and telephone number can be found at the About the MPAA page [mpaa.org]. Write too to Bill Gates [mailto], Chief of Technologies and thus in overall charge of security systems built into operating systems like Windows NT, at Microsoft. Tell them security is an important issue, and is being compromised by a failure to make those responsible for security accountable for their failures. Tell them that only by real, brutal, justice meted out to those who are irresponsible on the Internet will hacking be dealt with. Tell them that you believe it is a reasonable response to hacking to ensure that administrators who fail time and time again are castrated, and that castration is a reasonable punishment that will ensure a minimal impact on an administrator's employer while serving as a huge deterent against hackers and against incompetence. Tell them that you appreciate the work being done to patch servers by competent administrators but that if incompetent admins are not kept accountable, you will be forced to use less and less secure and intelligently designed alternatives. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how poor security harms all three. Let your legislators know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on their policies concerning maladministration of computer systems connected to the public Internet.

You CAN make a difference. Don't treat voting as a right, treat it as a duty. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.

It's difficult for any reasonable person to know where to begin solving these issues. Traditionally, nailing down machines and networks so they are more secure has been seen as the best approach, but there's little anyone can do about having bandwidth used up by unaccountable "hacked" machines, as is seemingly more and more the modus-operandi.

Attempts to trace crackers are frequently wastes of time, and stiffer penalties for hackers are compromised by the fact that it's hard to actually catch the hackers in the first place. The situation is made worse that many of the most destructive hackers do not, themselves, set up anything beyond sets of scripts distributed to and run by suckers - so-called "script kiddies".

Given that hackers usually work by taking over other machines and coopting them into damaging clusters that can cause all manner of problems, less focus than you'd expect is put onto making machines secure in the first place. The responsibility for putting a computer on the Internet is that of a system administrator, but frequently system administrators are incompetent, and will happily leave computers hooked up to the Internet without ensuring that they're "good Internet citizens". Bugs are left unpatched, if the system administrators have even taken the trouble to discover if there are any problems in the first place. This is, in some ways, the equivalent of leaving an open gun in the middle of a street - even the most pro-gun advocates would argue that such an act would be dangerously incompetent. But putting a farm of servers on the Internet, and ignoring security issues completely, has become a widespread disease.

There is a solution, and that's to make system adminstrators responsible for their own computers. An administrator should be assumed, by default, to be responsible for any damage caused by hardware under his or her control unless it can be shown that there's little the admin could reasonably have done to prevent their machine from being hijacked. Clearly, a server unpatched a few days after a bug report, or a compromise unpatched that has never been publically documented, is not the fault of an admin, but leaving a server unpatched years after a compromise has been documented and patches have been available certainly is. Unlike hackers, it is easy to discover who is responsible for a compromised computer system. So issues of accountability are not a problem here.

Couple this with suitably harsh punishments, and not only will system administrators think twice before, say, leaving IIS 4 out in the wild vulnerable to NIMDA, but hackers too - for the same reasons as they avoid attacking hospital systems, etc - will think twice about compromising someone else's system. Fines for first offenses and very minor breaches can be followed by bigger deterents. If you were going to release a DoS attack into the wild, but knew that the result would be that many, many, system administrators would be physically castrated because of your actions, would you still do it?

Of course not. But even if you were, the fact that someone has been willing to allow their system to be used to close the DNS system, or take Yahoo offline, ought to be reason enough to be willing to consider such drastic remedies. Castration may sound harsh, but compared to modern American prison conditions, it's a relatively minor penalty for the system administrator to pay, and will merely result in discomfort combined with removal from the gene-pool. At the same time, such an experience will ensure that they take better care of their systems in future, without removing someone who might have skills critical to their employer's well being from being taken out of the job market.

The assumption has always been made that incompetent system administrators deserve no blame when their systems are hijacked and used for evil. This assumption has to change, and we must be willing to force this epidemic of bad administration to be resolved. Only by securing the systems of the Internet can we achieve a secure Internet. Only by making the consequences of hacking real and brutal can we create an adequate response to the notion that hacking, per-se, is not wrong, that it causes no damage.

This quagmire of people considering system administrators the innocents in computer security when they are themselves the most responsible for problems and holes will not disappear by itself. Unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.

You can help by getting off your rear and writing to your congressman or senator [senate.gov]. Write also to Jack Valenti, the CEO and chair of the MPAA, whose address and telephone number can be found at the About the MPAA page [mpaa.org]. Write too to Bill Gates [mailto], Chief of Technologies and thus in overall charge of security systems built into operating systems like Windows NT, at Microsoft. Tell them security is an important issue, and is being compromised by a failure to make those responsible for security accountable for their failures. Tell them that only by real, brutal, justice meted out to those who are irresponsible on the Internet will hacking be dealt with. Tell them that you believe it is a reasonable response to hacking to ensure that administrators who fail time and time again are castrated, and that castration is a reasonable punishment that will ensure a minimal impact on an administrator's employer while serving as a huge deterent against hackers and against incompetence. Tell them that you appreciate the work being done to patch servers by competent administrators but that if incompetent admins are not kept accountable, you will be forced to use less and less secure and intelligently designed alternatives. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how poor security harms all three. Let your legislators know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on their policies concerning maladministration of computer systems connected to the public Internet.

You CAN make a difference. Don't treat voting as a right, treat it as a duty. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.

• Browsing of terrorist or dissenting, un-patriotic, or otherwise not wholesome all-american websites.
  
  
• Use of any audio/video compression technology other than lisenced and government approved encoding protocols. No matter if you have no pirate material, If you have the ability and tools, you're dangerous enough!
  
  
• Any expression of dissenting or un-patriotic views or opinions in your messenger histories, message board/newsgroup postings, emails, or slashdot poll votes.

At the same time, this is a useful project - clearly, Ethernet is a common communications infrastructure component, and is probably one of the most flexible. This type of technology means that someone can plug a (commodity?) component into an unquestionably commodity network infrastructure, something not really available right now. There's no need to rewrite the home because the best place for the CD deck is in one room, and one place where the output might want to be listened to is another.

These two issues are important - a problem has been solved with open components, and it would be impossible to solve that problem without that open infrastructure. Yet various groups, lead by the MPAA (and to an extent cheered on by the RIAA, the representative of the recording industry which has concerns about unauthorized copying) have promoted laws that remove that ability to problem solve. In the end, the output of copyrighted material producers is being compromised by these actions, but this doesn't stop them as there's an assumption that open technologies are bad, and that technologies need to be centrally controlled and contain technologies to prevent not merely uses of copyright material that are clearly unfair to the content producers, but also of uses of that material that the producers have not heard of.

One company, Microsoft, has already proposed and demonstrated technologies that would make projects such as the above impossible. Content would not be copyable onto unprotected commodity components in Palladium, a digital restrictions mechanism that uses encryption and authorization at the hardware level to divide a world into "trusted" and "untrusted" realms. While Microsoft argues their technology is voluntarily, a content producer can restrict use of their content to only those who sign up for the technological restrictions.

This is a block on innovation. It's a block on personal freedom. In the end, it will cause damage not merely to consumers but also to those who produce content. We face a future of stagnant information growth, resembling more the state of Brewery development in the 60s, 70s, and 80s, than the technology industry during the same period.

Palladium is backed by entertainment industry promoted laws such as the DMCA, that make it illegal to bypass access control mechanisms, such as Palladium's Digital Restrictions Mechanisms.

This quagmire of a paranoid entertainment industry crippling the future both of content production and technology will not disappear by itself. Unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.

You can help by getting off your rear and writing to your congressman or senator. Write also to the Jack Valenti, the CEO and chair of the MPAA, whose address and telephone number can be found at the About the MPAA page. Write too to Bill Gates, Chief of Technologies and thus in overall charge of Palladium, at Microsoft. Tell them you understand the concerns content producers have about unauthorized copying, but that without an open technological infrastructure, the value of content will be lowered, and as the bar to entry into content production is raised more and more innovation will be sucked out of the industry. Tell them that technologies such as Palladium, DVD CSS, and other technological locks, will damage both the content and technology industries in ways that go well beyond anything reasonable. Tell them that you appreciate the work being done to create new ways of viewing and hearing content but that if those technologies are closed, you will be forced to use less and less secure and intelligently designed alternatives. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how digital restrictions harms all three. Let your legislators know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on their policies towards legally enforcing clearly damaging restrictions management systems.

You CAN make a difference. Don't treat voting as a right, treat it as a duty. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.

At the same time, this is a useful project - clearly, Ethernet is a common communications infrastructure component, and is probably one of the most flexible. This type of technology means that someone can plug a (commodity?) component into an unquestionably commodity network infrastructure, something not really available right now. There's no need to rewrite the home because the best place for the CD deck is in one room, and one place where the output might want to be listened to is another.

These two issues are important - a problem has been solved with open components, and it would be impossible to solve that problem without that open infrastructure. Yet various groups, lead by the MPAA (and to an extent cheered on by the RIAA, the representative of the recording industry which has concerns about unauthorized copying) have promoted laws that remove that ability to problem solve. In the end, the output of copyrighted material producers is being compromised by these actions, but this doesn't stop them as there's an assumption that open technologies are bad, and that technologies need to be centrally controlled and contain technologies to prevent not merely uses of copyright material that are clearly unfair to the content producers, but also of uses of that material that the producers have not heard of.

One company, Microsoft, has already proposed and demonstrated technologies that would make projects such as the above impossible. Content would not be copyable onto unprotected commodity components in Palladium, a digital restrictions mechanism that uses encryption and authorization at the hardware level to divide a world into "trusted" and "untrusted" realms. While Microsoft argues their technology is voluntarily, a content producer can restrict use of their content to only those who sign up for the technological restrictions.

This is a block on innovation. It's a block on personal freedom. In the end, it will cause damage not merely to consumers but also to those who produce content. We face a future of stagnant information growth, resembling more the state of Brewery development in the 60s, 70s, and 80s, than the technology industry during the same period.

Palladium is backed by entertainment industry promoted laws such as the DMCA, that make it illegal to bypass access control mechanisms, such as Palladium's Digital Restrictions Mechanisms.

This quagmire of a paranoid entertainment industry crippling the future both of content production and technology will not disappear by itself. Unless people are prepared to actually act, not just talk about it on Slashdot, nothing will ever get done. Apathy is not an option.

You can help by getting off your rear and writing to your congressman or senator. Write also to the Jack Valenti, the CEO and chair of the MPAA, whose address and telephone number can be found at the About the MPAA page. Write too to Bill Gates, Chief of Technologies and thus in overall charge of Palladium, at Microsoft. Tell them you understand the concerns content producers have about unauthorized copying, but that without an open technological infrastructure, the value of content will be lowered, and as the bar to entry into content production is raised more and more innovation will be sucked out of the industry. Tell them that technologies such as Palladium, DVD CSS, and other technological locks, will damage both the content and technology industries in ways that go well beyond anything reasonable. Tell them that you appreciate the work being done to create new ways of viewing and hearing content but that if those technologies are closed, you will be forced to use less and less secure and intelligently designed alternatives. Let them know that SMP may make or break whether you can efficiently deploy OpenBSD on your workstations and servers. Explain the concerns you have about freedom, openness, and choice, and how digital restrictions harms all three. Let your legislators know that this is an issue that effects YOU directly, that YOU vote, and that your vote will be influenced, indeed dependent, on their policies towards legally enforcing clearly damaging restrictions management systems.

You CAN make a difference. Don't treat voting as a right, treat it as a duty. Keep informed, keep your political representatives informed on how you feel. And, most importantly of all, vote.

I think the key term here is "free". As long as you're not making (a) money from a sale, and (b) additional copies of the media, I think you're safe. The idea is that one copy of the media has been paid for by someone, and one copy of it is being transferred around your immediate "circle of friends". The "circle of friends" part is my way of saying that you can't rent out a theatre and charge the public to come and watch the DVD you paid for.

According to http://www.mpaa.org, "Videocassette piracy is the illegal duplication, distribution, rental or sale of copyrighted videocassettes".

All this said, I think you're not breaking any laws by lending a legitimately purchased tape/CD/DVD to a friend provided that you're not making any money, and you're not making any copies. This doesn't mean that it's illegal to sell your old CDs to a used CD store. It just means that the law is not as crystal clear on that type of transaction.

And remember, IANAL, so take all of this with a grain of salt. Next time you rent a DVD, take a minute to fully read that warning text before the movie. It's pretty straightforward.

Check this link for more interesting text, Especially the parts about "VIDEOCASSETTE PIRACY", "Back-to-back Copying", "SIGNAL THEFT", "BROADCAST PIRACY", and "PUBLIC PERFORMANCE". At the very least, it's interesting to see exactly what the MPAA has to say about these issues without all of the Slashdot conjecture that you really can't trust.

http://www.mpaa.org/anti-piracy/

They spent all that time and effort when all they had to do was google on MPAA

I don't really like cinemas, and its just giving money to a cartel. I'll wait for the the DVD. I think in the meantime I'll just get the soundtrack, and make do with the book. Is it available in Adobe E-book format?

I would consider the NRA's possition extreme because they are unwilling to compromise.

As one gunmaker says in its ads, "in a world of compromise, some don't." Would you compromise your free-speech rights (say, the ability to write whatever software you want) in order to improve some group's security (such as the Media Mafia)? I didn't think so.

With the sniper stuff in Washington D.C. they were talking about taking 'barrel prints' of guns out of the factory, and the NRA opposed. Why, because they thought it was one step closer to taking the guns away!

That was a factor (and an important one), but there's also the consideration that so-called "ballistic fingerprinting" is nearly completely useless for tracking a gun from its manufacture to its possible use in a crime. Ordinary wear and tear will change the breech and barrel over time...and if a criminal wanted to accelerate the process somewhat, a few minutes with a Swiss file would make even more drastic changes.

• One)
  1330 Connecticut Avenue N.W., Suite 300
  Washington, D.C. 20036
  
  
• Two)
  15503 Ventura Blvd.
  Encino, California 91436
  
  and
  
  
• Three)
  One Microsoft Way
  Redmond, WA 98052-6399
  

There are a quite a few Hollywood moguls who should become waiters. Maybe they would learn a little humility.

"It is unfortunate that some people may attempt to illegally hack or break into this security system. However, even if a few are successful, the flag will not be worthless. Most people are honest and will not attempt to circumvent the flag. We are hopeful that the broadcast flag will enable content providers to release more of their programming in HDTV format and drive the market forward providing new options for consumers. Consumers should not lose out just because there is threat against the technology"

The problem faced by the EFF and like organizations will be convincing the public that they are not a bunch of .mp3-trading IP thieves. They are up against the deep, deep pockets of the entertainment industry, and faced with a credulous public which, as a rule, follows blindly along with the flashiest commercials (or most effective marketing campaign, as we were taught in b-school). I sincerely hope the EFF will be able to put a responsible face on digital copying and fair use issues, and will not end up looking like amoral war3z kidd33z

by Adam C. Engst <ace@tidbits.com>

Much has been written about what's wrong with the Digital Millennium Copyright Act (DMCA). After all, it's been used to jail programmers, threaten professors, and censor publications, and because of it, foreign scientists have avoided traveling to the U.S. and prominent researchers have withheld their work. In a white paper about the unintended consequences of the DMCA, the Electronic Frontier Foundation argues that the DMCA chills free expression and scientific research, jeopardizes fair use, and impedes competition and innovation. In short, this is a law that only the companies who paid for it could love.

<http://www.eff.org/IP/DMCA/20020503_dmca_conseq uences.html >
<http://www.educause.edu/issues/dmca.html>
<http://anti-dmca.org/>

Just who are we talking about here? Primarily the large movie studios and record labels, who own the copyrights on vast quantities of content and who have been working with one another and via their industry associations, the Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA), to control how we are allowed to interact with that content. Their unity of purpose and storm-trooper tactics have led some to dub them the Content Cartel.

<http://www.riaa.org/>
<http://www.mpaa.org/>

However, the DMCA is merely one link in a chain that's being used by the Content Cartel and many others to restrict access to the shared cultural heritage of the world, and in the process, extract money from our pockets, stifle innovation and competition, and protect entrenched interests.

DMCA and Trusted Systems -- I recently attended a talk by Professor Tarleton Gillespie <tlg28@cornell.edu> of Cornell University in which he made a compelling argument for how the Content Cartel is using the legal force of the DMCA to direct us down a path where content cannot exist outside of a trusted system, which is a set of hardware, software, and file formats that all agree on what the user is allowed to do with a piece of content. (The trust here is between the pieces of the system, because the content owners don't trust their customers at all.) The trusted system's goals are simple - to eliminate all unauthorized uses and create a situation where we pay more for the content we consume.

A trusted system could prevent you not only from copying a CD or DVD, but also from listening to the CD more than a certain number of times in a day or skipping commercials on a DVD or on broadcast television. Along with requiring us to buy new hardware to play such content and buy new protected versions of the content we already own, a trusted system could have another ill effect. That's because it could prevent us from working with content we would create, using tools such as those Apple kindly provides in iMovie, iDVD, iTunes, and iPhoto. In the worst case scenario, Apple could lose not just the Mac's current digital media advantage in the marketplace, but the ability to work with digital media at all. See Cory Doctorow's article on the broadcast flag in TidBITS-642 for more on this disturbing possibility.

< http://db.tidbits.com/getbits.acgi?tbart=06901>

Professor Gillespie illustrated how this could happen with a discussion of the awkwardly named Content Scramble System (CSS), used to prevent people from copying DVDs, and the DeCSS software created by a Norwegian teenager with help from others on the Internet to build a Linux DVD player.

(A brief aside: DeCSS violates the DMCA's anti-circumvention provisions, which ban devices or services that are designed primarily to circumvent copy prevention technologies, that have only limited commercially significant purpose other than circumvention, or that are marketed for circumvention. The DMCA was signed into law in large part to bring the U.S. into compliance with a pair of World Intellectual Property Organization (WIPO) treaties that require anti-circumvention protections in the copyright law of signatory nations. You might think Norway would be included among the nations signing these WIPO treaties, but in fact, only 37 countries have signed on, including the U.S. and Japan, along with the likes of Kyrgyzstan, Gabon, and Paraguay. We're not talking about full international support here, especially in contrast to the 149 signatories to the more general and long-standing Berne Convention for the Protection of Literary and Artistic Works.)

<http://www.wipo.int/treaties/ip/wct/>
<http://www.wipo.int/treaties/ip/berne/>

In particular, Professor Gillespie focused on three defenses used in the court case filed against Eric Corley, publisher of the hacker magazine 2600, by eight movie studios to prevent 2600 from publishing the DeCSS software. Although Eric Corley didn't create DeCSS, he made it available on the 2600 Web site. His lawyers' defenses focused on ways DeCSS might escape the anti-circumvention provisions in the DMCA, which was the law under which the case was being tried.

Let's look at these defenses, all of which the court eventually dismissed in ruling for the movie studios and enjoining 2600 magazine from posting the DeCSS code. A subsequent appeal also failed, and the defendants chose not to appeal again to the Supreme Court (probably a wise move - this particular case struck me as fairly weak).

<http://www.eff.org/IP/Video/MPAA_DVD_cases/2000 0830_ny_amended_opinion.pdf>
<http://www.eff.org/IP/Video/MPAA_DVD_cases/200111 28_ny_appeal_decision.html>

Create a Linux Player -- The primary defense that Eric Corley's legal team, funded by the Electronic Frontier Foundation (EFF), advanced was that CSS was reverse engineered and DeCSS written to further the development of a DVD player for Linux, which allegedly had no way of playing DVDs at the time (four players are available now; see the Linux Journal review linked below for details). Unfortunately, the judge deemed the defense utterly irrelevant because the DMCA offers no relief based on motivation. In short, if a technology violates the DMCA's anti-circumvention provisions, the purpose for which that technology was created simply doesn't matter. The judge also wasn't impressed with the fact that DeCSS is actually a Windows program, so although it could be argued that it was a necessary step in the creation of a Linux DVD player, it's a weak argument.

<http://www.linuxjournal.com/article.php?sid=564 4>

The obstacle that actually lies in the way of creating a DVD player is the lack of a key to decrypt the CSS encryption used on DVDs. The only way to come by such a key is to sign a contract licensing CSS from the DVD Copy Control Association (DVD CCA), a group made up of companies representing the movie studios, consumer electronics companies, and the computer industry. At $15,500, the licensing cost is not usurious, but the contract effectively prevents individuals and small organizations from licensing CSS. For instance, in the event of a material breach of contract, the licensee is liable for $1 million, and damages can grow to a maximum of $8 million. In addition, the contract prevents licensees from reverse engineering CSS or working in any way counter to the goal of CSS's protection of DVDs.

Put simply, the CSS license is the sort of thing only large companies can reasonably sign, so it's clear that the effect of the DVD CCA contract is to keep newcomers out of the cozy little club. Perhaps that wasn't a likely concern before the age of the Internet, but the rise of Linux and the open source movement shows that small, informal groups organized over the Internet can produce software that threatens the largest of companies.

The end result here is that innovation is stifled. Companies that license CSS cannot, even if they wanted to, produce products that consumers might like to buy, such as DVD recorders that could copy a DVD. That keeps new companies, niche players, or even independent programmers from competing with the consumer electronics giants with innovative features that in any way run afoul of CSS. So although the consumer electronics companies might not have minded consumers copying DVDs, since they would sell the equipment to make that happen, it's worthwhile for them to abide by CSS to eliminates potential competition.

Equally as problematic is that the CSS license's numerous requirements force the consumer electronics firms to be technologically responsible for regulating our movie viewing and copying behaviors for the studios. Signing this draconian contract is an all-or-nothing deal, so the movie studios have cleverly managed to pass off the dirty work of technological regulation on everyone else (they just produce the content; the DVD and player manufacturers must implement CSS). It's a big step toward a trusted system in which all the parties are bound by the CSS contract.

(As an aside, another effect of the CSS contracts is also to move the entire issue from the world of copyright law, where there is at least some presumption of needing to benefit the public, into the world of contract law, which doesn't give a damn about the public good. If this continues to the logical extreme, the concept of copyright, and unauthorized access to any content, could be locked up forever in simple contracts that lie underneath a trusted system's technologies, all backed up by the DMCA's anti-circumvention provisions.)

Perform Encryption Research -- Another defense that Eric Corley's lawyers put forth was that DeCSS was created as research into the CSS encryption method, since the DMCA does allow copy-prevention technologies to be circumvented for encryption research. However, the DMCA specifically requires that the encrypted copy be obtained lawfully and that the person performing the research make a good faith effort to obtain authorization in advance. In addition, the decryption tools from such research may be shared only with collaborators for good faith research purposes - in other words, distributing these tools publicly isn't kosher.

Note the words good faith above. In determining whether encryption research is good faith, the judge said the court must determine whether the results are disseminated in a way that advances the state of knowledge of encryption technology, whether the person is engaged in legitimate study of work in encryption, and whether the results are communicated to the copyright owner in a timely fashion. Deciding that none of these tests were true of Eric Corley, the judge dismissed out of hand the claims that DeCSS had protection under the encryption research exception to the DMCA.

Looking past the specifics of this case, consider the ways in which encryption research is considered to be in good faith. You must be a legitimate researcher, have a goal of advancing the state of knowledge, and have at least made an effort to get authorization from the copyright owner. Now think about how these requirements completely disenfranchise the interested individuals and the Internet technical geek community. What does it take to be considered a legitimate researcher - a white coat, thick glasses, and a job with a university, corporation, or government body?

What we're seeing here is how the DMCA in essence props up the status quo, denying that legitimate research could be done outside the halls of academia or a company's R&D department. Left on the outside are the crazy ones, the misfits, the rebels, the troublemakers... oh hell, go read the rest of Here's to the crazy ones from Apple's Think Different ad campaign for yourself. Whether we're talking about Apple's target audience or the open source community that has had Microsoft running scared is immaterial. The point is that the DMCA, supported by this court ruling, prevents that sort of person from doing anything that's not sanctioned.

<http://www.apple.com/thinkdifferent/>

Report as a Journalist -- A third defense that Eric Corley's lawyers offered was that posting DeCSS was protected by the First Amendment's protection of the press, and by the First Amendment in general. It took the judge significantly longer to dispose of this defense, since free speech issues are notoriously tricky, but in the end, he concluded that the speech in this case is content-neutral due to the functional nature of the DeCSS code. He then went on to note that regulation of content-neutral speech is acceptable if it advances the government's interests and that preventing the copying of digital works is a government interest due to the existence of the Copyright Clause in the U.S. Constitution and the importance to the U.S. economy of exporting copyrighted materials.

If you haven't looked at the Constitution recently, the Copyright Clause reads, To promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries. Personally, I come down on the side of copyright existing to benefit society through the progress of science and the useful arts, and only secondarily to give authors and inventors exclusive rights. By my reading, the government interest thus lies in promoting the progress of science and the useful arts, and there's no question that the DMCA eliminates progress.

<http://www.law.cornell.edu/constitution/constit ution.articlei.html>

But I digress. The final result of the case was that Eric Corley and 2600 may not post DeCSS on their Web site or knowingly link their Web site to any other site on which DeCSS is posted. The decision was worded carefully so that linking in general would not be affected by the DMCA, but only in cases where those responsible for the link (a) know at the relevant time that the offending material is on the linked-to site, (b) know that it is circumvention technology that may not lawfully be offered, and (c) create or maintain the link for the purpose of disseminating that technology.

In other words, it's acceptable to link to DeCSS if your intent is not to disseminate DeCSS, but merely to report on its availability, a fact I proved to my satisfaction with a trivial Google search on download DeCSS that provided over 17,000 hits, many of them still functional. You can verify this for yourself; just remember that DeCSS is only for Windows.

<http://www.google.com/search?q=download+DeCSS>

Here's where Professor Gillespie's argument becomes a bit more speculative. Although the court went no further in this case, he suggested that in any future cases in which the legitimacy of linking was called into question, he felt that the court would include in its deliberation the nature of the publication in question. For example, if the New York Times chose to link to DeCSS or some other technology that violated the DMCA (as in fact the San Jose Mercury News and Wired News have, in making the point that a ban on linking is seriously problematic), he felt that the court would have little trouble accepting the journalistic intent of the link. On the other hand, if some silly little electronic newsletter aimed at Macintosh and Internet users were to perform the same action, he was concerned that it would be more difficult to make the same defense. And if TidBITS wouldn't match up to the journalistic level of the New York Times in the eyes of a theoretical court, what about a blogger?

The end result would be that this court's interpretation of the DMCA could have the same effect of stabilizing the large news organizations in favor of the small newsletters and bloggers who are redefining what journalism means in today's Internet-enabled world. Speaking as someone who has done some of that redefining over the last 12 years, that worries me.

Regime of Arrangement -- In the end, Professor Gillespie argues that the true power of the DMCA is not so much related to its effect on copyright but these ways it weaves established organizations like large manufacturing corporations, research universities, and media conglomerates into what Professor Gillespie calls a regime of arrangement.

Don't assume that these established institutions are necessarily being co-opted against their will. Apple's Think Different campaign reads like a manifesto for the very people who are disenfranchised under this regime of arrangement, and yet Apple is a member of the DVD CCA, and, obviously, a licensee of CSS for the DVD hardware and software that comes with the Mac. The open source community has proved the power of teams of independent programmers as an alternative to the traditional software development model, not to mention the ivory towers of research institutions. Distance education hints at the decline of the traditional university, and entrenched media organizations have struggled for years with the way the Internet lets anyone be a publisher.

If there's one theme we take into the 21st century, it's decentralization, and you can see it everywhere. The PC overtaking the mainframe, Napster changing the face of music distribution despite the recording industry's best efforts, DeCSS causing the movie studios conniptions, Linux successfully challenging the mighty Microsoft's server operating systems, even the terrorist attacks on the World Trade Center and the Pentagon - all are examples of the power of decentralization and the ever-increasing clash between these forces of decentralization and the centralized power structures that control everything about our world. I have no answers here, but I'd note that despite the awesome power of both systems, I'm seeing the forces of decentralization making significant inroads.

What Can We Do? I've been attending a number of talks on copyright and intellectual property issues at Cornell over the last year. Almost without exception, the talks are warnings of dark times ahead (obviously, most are slanted toward the academic and library worlds), but at the same time, none have offered any suggestions for how we can work to reverse the efforts on the part of the Content Cartel to lock up our cultural heritage and stifle innovation for the future.

At a recent talk by Alan Davidson of the Center for Democracy and Technology (CDT), I chatted with Alan afterwards about this problem, and he agreed it was a concern, but had no silver bullet to prevent the hordes of well-funded Content Cartel lobbyists from having their way with our elected representatives. I, too, have trouble knowing what will be effective, but I offer these possibilities.

<http://www.cdt.org/>

• Spread the word to everyone you know. In most cases, the best argument is probably that the entire situation is a move on the part of big business to make everyone buy new consumer electronics and new copies of all of their content. If the Content Cartel gets their way, it will cost you. In some situations, making the intellectual commons argument - that our culture needs access to its cultural heritage to grow - can be effective, though it's generally too abstract. Try to avoid sounding like a zealot (I know it's hard: every time I hear of the latest attempt on the part of these companies to criminalize their customers, it makes me want to spit.)

• Support civil liberties organizations like the Electronic Frontier Foundation (EFF) and CDT that are working to protect our rights. As you'll see in the PayBITS block at the end of this article, I plan to donate all the proceeds from this article to the EFF to help do my part.

<http://www.eff.org/>

• Between 19-Nov-02 and 18-Dec-02, write to the Library of Congress with any evidence you can provide on whether non-infringing uses of certain types of copyrighted materials are likely to be adversely affected by the DMCA's anti-circumvention mechanisms. To get an idea of what they're looking for, I highly recommend reading Dan Bricklin's Copy Protection Robs the Future essay, in which he talks about his efforts to post an original copy of VisiCalc, the ground-breaking spreadsheet program he created.

<http://www.copyright.gov/1201/comment_forms/>
<http://www.bricklin.com/robfuture.htm>

• Express your concerns to your elected representatives whenever appropriate. EFF maintains an action center that makes it extremely easy to write your appropriate representatives. While you're at it, you might ask how it is that an entire industry is allowed to create a restrictive technology like CSS, require highly limiting contracts, and influence legislation (the DMCA). One of the industry witnesses in the Corley case testified that this three-pronged approach was exactly what the movie studios aimed at creating. Ironically, given that the end goal is a trusted system, this sounds a whole lot like the legal definition of a trust, which is a combination of corporations for the purpose of reducing competition and controlling prices throughout an industry.

<http://action.eff.org/>

I have to admit, I'm worried that none of this will be enough. The Content Cartel has the aura of celebrity on their side - they're protecting the rock stars and movie stars who sit at the pinnacle of today's society. They're the cool kids, whereas the people who campaign for civil liberties are often considered dull and overly earnest. My main ray of hope is that the reason most of the software industry voluntarily gave up copy protection technologies - primarily that consumers hated copy protection - will rise again, but unless we speak out now, all of our content may be locked up in a trusted system protected by the DMCA.

Umm. You are getting your parties confused. Jack Valenti isn't exactly popular with Republicans. In fact it has already been suggested in some conservative opinion journals that the complete evisceration of Valenti's legislative agenda would be fitting punishment for Hollywoods underwriting of the Democratic party.

The fact that Valenti used to be part of LBJ's administration (he was Special Assistant to the President) wouldn't exactly help him score points with the incoming Congress, either.

BTW, if you live in Las Vegas, Jack Valenti will be on the morning program on KXNT tomorrow. If I had to guess, he'll be on in the 8-o'clock hour (they usually do movie reviews in that hour on Fridays). The station's call-in line is 702 733-5968 (733-KXNT). There's also a comment line through which you can leave a message that might get played at 8 the next morning...IIRC, that number is 702 889-7436 (it's called the "8 o'Clock Flip-Off"). Could be interesting to see how their answering machine handles a slashdotting...

(If you try calling in, keep in mind that Nevada is in the Pacific time zone.)

who gives a flying, well, anything, about some industry assoc in a foreign country?

The MPAA has an export arm called MPA whose job is to market MPAA films worldwide. It has been called the "State Department of the MPAA".

This is answered in the MPAA FAQ :- How do I open a Movie Cafe?

On what planet are you on?

DVD is no where near as popular as VHS! It will take years before VHS is even considered to be dropped.

According to the MPAA they sold over 639 million pre-recorded videocasettes in 2001.

I must be able to buy a movie on a DVD and play this movie on a computer of my choice under operating system of my choice. If I choose to play the movie under some distribution of open source operating system, or any GNU (free software) operating system I must be able to do so. DMCA makes it impossible to legally play my DVD under GNU/Linux for example, since MPAA will not allow a license for DVD player software to be distributed under GNU; DMCA makes it illegal to reverse engineer DVD format.

MPAA DMCA FAQ

Question:

Doesn't the DMCA allow reverse engineering for compatibility, for example to allow playing of a DVD on a Linux operating system-driven personal computer?

Answer:

The DMCA does allow reverse engineering. However, the reverse engineering provisions in the DMCA were never intended to enable anyone to circumvent technical protection measures (TPMs) for the purpose of gaining unauthorized access to or making unauthorized copies of copyrighted works.

The DMCA does allow a lawful user of a computer program to circumvent TPMs to ensure that the program can work with other programs (interoperability); and, with strict limitations, the research may be shared with others, as long as it does not infringe the copyright in the original or a related work. However, reverse engineering is not permissible if there is a readily available commercial alternative for that purpose. In this case, there exist MANY commercially available DVD players.

Get it from Amazon for [$3.99 cheaper]

And fund enforcement of a patent that should never have been granted. If you want to preserve balance in the Force, you have to give to EFF every time you give to a company that employs "evil" practices with respect to statutory monopolies. That's why I don't buy more than $65 a year from Disney, Time Warner, Universal, or the other big nine copyright companies, and that's also why I don't buy from Amazon or use Unisys products.

"Anybody else doing anything interesting with 100+ gigs space?"

I would, but Valenti would kick my ass.

Wasn't that the price of a 30-second commercial during the last couple years of Seinfeld?

As nice as this is, a million dollars just isn't going to cut it against Big Media. Until we make this a national policy issue, one where actual numbers of voters are involved, we're pretty much screwed. Until then though, I suppose a million bucks can fund some studies and research to strengthen our position from a logical standpoint once the public realizes that they're being screwed.